Description

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

Remediation

References

CVE-2014-9037

Related Vulnerabilities

OpenSSL Other Vulnerability (CVE-2015-3194)

Apache HTTP Server Other Vulnerability (CVE-2000-0869)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1029)

Drupal Core 9.1.x Cross-Site Request Forgery (9.1.0 - 9.1.12)

Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-5130)

Severity

Medium

Classification

CVE-2014-9037

Tags

Missing Update Known Vulnerabilities