Description

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.

Remediation

References

CVE-2014-0166

Related Vulnerabilities

WordPress Plugin mb.YTPlayer for background videos Unspecified Vulnerability (1.7.2)

WordPress Plugin Lockdown WP Admin Unspecified Vulnerability (1.1.2)

PHP Improper Certificate Validation Vulnerability (CVE-2015-3152)

b2evolution Other Vulnerability (CVE-2007-2358)

WordPress Plugin WP-Recall-Registration, Profile, Commerce & More Cross-Site Scripting (16.24.47)

Severity

Medium

Classification

CVE-2014-0166 CWE-287

Tags

Missing Update Known Vulnerabilities