Description

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

Remediation

References

CVE-2014-9037

Related Vulnerabilities

WordPress Plugin Thumbnail carousel slider Arbitrary File Upload (1.0)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26593)

Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-12615)

WordPress Plugin Ultimate Addons for Elementor Security Bypass (1.24.1)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2324)

Severity

Medium

Classification

CVE-2014-9037

Tags

Missing Update Known Vulnerabilities