Description

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

Remediation

References

CVE-2014-6412

Related Vulnerabilities

Jetpack 2.9.3: Critical Security Update

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2020-1967)

WordPress Plugin Contact Form Manager Multiple Vulnerabilities (1.4.4)

Oracle Database Server CVE-2015-4863 Vulnerability (CVE-2015-4863)

WordPress Plugin Filter Custom Fields & Taxonomies Light Unspecified Vulnerability (1.04)

Severity

High

Classification

CVE-2014-6412 CWE-640 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities