Description

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.

Remediation

References

CVE-2014-0166

Related Vulnerabilities

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4550)

Drupal Core 8.9.x Arbitrary File Overwrite (8.9.0 - 8.9.12)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2665)

PostgreSQL Other Vulnerability (CVE-2006-0678)

Osclass Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-0973)

Severity

Medium

Classification

CVE-2014-0166 CWE-287

Tags

Missing Update Known Vulnerabilities