ThreatPress

WordPress Vulnerabilities Database

WordPress <= 4.0.0 - Multiple Vulnerabilities #1

Product
WordPress
Description
WordPress wp-login.php is affected by multiple vulnerabilities, including cross-site scripting, denial of service, hash comparison, SSRF, and CSRF. Because of these vulnerabilities, attackers can reset passwords by leveraging access to an e-mail account that received a password-reset message. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-multiple-vulnerabilities-2
Solution
Update WordPress.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2014-9039
Versions
Affected In <= 4.0.0
Fixed In 4.0.1
Disclosure date
2014-11-20