Description

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.

Remediation

References

CVE-2014-0166

Related Vulnerabilities

WordPress Plugin cformsII 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities (13.1)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.39)

Oracle JRE CVE-2013-2468 Vulnerability (CVE-2013-2468)

Oracle JRE CVE-2018-2618 Vulnerability (CVE-2018-2618)

WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.2)

Severity

Medium

Classification

CVE-2014-0166 CWE-287

Tags

Missing Update Known Vulnerabilities