Description

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.

Remediation

References

CVE-2014-9034

Related Vulnerabilities

WordPress Plugin WordPress Backup and Migrate-Backup Guard Arbitrary File Upload (1.5.9)

Moodle Other Vulnerability (CVE-2019-10188)

WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Cross-Site Scripting (19.6.24)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4301)

WordPress Plugin ManageWP Worker Unspecified Vulnerability (4.1.7)

Severity

Medium

Classification

CVE-2014-9034

Tags

Missing Update Known Vulnerabilities