Password Reset Vulnerability in WordPress by Automattic
CVE-2014-9039

Currently unrated

Key Information:

Vendor: Wordpress
Status: Debian Linux
Vendor: CVE Published:; 25 November 2014

Summary

The vulnerability in WordPress's wp-login.php file allows remote attackers to reset user passwords by leveraging access to a user's email account that received a password-reset message. This can lead to unauthorized access and compromise of user accounts if the email is controlled by the attacker. Users are encouraged to update to the latest version to mitigate this risk.

References

http://www.debian.org/security/2014/dsa-3085

vendor-advisoryx_refsource_DEBIAN

http://openwall.com/lists/oss-security/2014/11/25/12

mailing-listx_refsource_MLIST

http://advisories.mageia.org/MGASA-2014-0493.html

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 25, 2014
Vulnerability Reserved
Nov 20, 2014