Description
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-0639 Vulnerability (CVE-2016-0639)
WordPress Plugin Content Blocks (Custom Post Widget) Cross-Site Scripting (3.0)
WebLogic CVE-2024-21216 Vulnerability (CVE-2024-21216)
WordPress Plugin WP e-Commerce-Clockwork SMS Cross-Site Scripting (2.0.5)
WordPress 3.7.x Denial of Service Vulnerability (3.7 - 3.7.25)