ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 4.0.0 - Multiple Vulnerabilities #2

Product
WordPress
Description
Because of multiple vulnerabilities in WordPress 4.0.0 and previous versions, the attackers can obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-multiple-vulnerabilities
Solution
Update WordPress.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2014-9037
Versions
Affected In <= 4.0.0
Fixed In 4.0.1
Disclosure date
2014-11-20