CVE-2014-9039

Published Nov 25, 2014

Last updated 8 years ago

CVSS info 4.3

Overview

Description: wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-254

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA"
          },
          {
            "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05E4FA51-9B8A-49E4-B6E8-A9799BE216CC",
            "versionEndIncluding": "3.7.4"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4D38621-9941-4D03-91D7-3902930546A2"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "934CC6A1-D5E4-468C-B31D-F5C7B02FCE6C"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC02EF96-4F17-443C-A739-961EED916C18"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C631B472-8FF2-4A93-91F1-DCA813A8520A"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57EB9FD7-7922-44A5-BB82-410B33032E59"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC9343FA-182C-4E2E-85ED-13F0B398258A"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:3.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B79DE40E-BFA7-43DA-AB42-2812FB207941"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:3.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EED9381-2BFC-4BDA-AC4B-CBC77E8538D4"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E372A3D2-FCB5-4A74-840D-EC03732FCC97"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References