Description
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Remediation
References
Related Vulnerabilities
WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1)
WordPress Plugin WP-PostViews Cross-Site Request Forgery (1.62)
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2016-4068)
Internet Information Services Other Vulnerability (CVE-1999-0012)
Django Incorrect Default Permissions Vulnerability (CVE-2020-24583)