CVE-2014-9039

Currently unrated

Key Information:

Vendor: Wordpress
Status: Debian Linux
Vendor: CVE Published:; 25 November 2014

Summary

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

References

http://www.debian.org/security/2014/dsa-3085

vendor-advisoryx_refsource_DEBIAN

http://openwall.com/lists/oss-security/2014/11/25/12

mailing-listx_refsource_MLIST

http://advisories.mageia.org/MGASA-2014-0493.html

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 25, 2014
Vulnerability Reserved
Nov 20, 2014