CVE-2014-0166 vulnerabilities and exploits

(subscribe to this query)

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote malicious users to obtain access via a forged cookie.

Wordpress Wordpress Wordpress Wordpress 0.71 Wordpress Wordpress 1.0 Wordpress Wordpress 1.0.1 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.1.1 Wordpress Wordpress 1.2 Wordpress Wordpress 1.2.1 Wordpress Wordpress 1.2.2 Wordpress Wordpress 1.2.3 Wordpress Wordpress 1.2.4 Wordpress Wordpress 1.2.5

1 Github repository

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none

WordPress prior to 3.7.2 and 3.8.x prior to 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.

Wordpress Wordpress Wordpress Wordpress 0.71 Wordpress Wordpress 1.0 Wordpress Wordpress 1.0.1 Wordpress Wordpress 1.0.2 Wordpress Wordpress 1.1.1 Wordpress Wordpress 1.2 Wordpress Wordpress 1.2.1 Wordpress Wordpress 1.2.2 Wordpress Wordpress 1.2.3 Wordpress Wordpress 1.2.4 Wordpress Wordpress 1.2.5

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook