Description

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

Remediation

References

CVE-2014-6412

Related Vulnerabilities

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-13950)

Dolibarr Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11825)

Serendipity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5475)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.16)

WordPress Plugin WassUp Real Time Analytics 'spy.php' SQL Injection (1.4.3)

Severity

High

Classification

CVE-2014-6412 CWE-640 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities