Password Reset Vulnerability in WordPress by Automattic
CVE-2014-9039

Currently unrated

Key Information:

Vendor

Wordpress
Status
Debian Linux
Vendor
CVE Published:
25 November 2014

What is CVE-2014-9039?

The vulnerability in WordPress's wp-login.php file allows remote attackers to reset user passwords by leveraging access to a user's email account that received a password-reset message. This can lead to unauthorized access and compromise of user accounts if the email is controlled by the attacker. Users are encouraged to update to the latest version to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.debian.org/security/2014/dsa-3085
vendor-advisoryx_refsource_DEBIAN
http://openwall.com/lists/oss-security/2014/11/25/12
mailing-listx_refsource_MLIST
http://advisories.mageia.org/MGASA-2014-0493.html
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.