WordPress 3.7.1 & 3.8.1 Potential Authentication Cookie Forgery

Affects WordPresses

fixed in version 3.8.2
fixed in version 3.7.2

References

CVE 2014-0166
URL https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/
URL https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Views 4901
Verified No
WPVDB ID 5964

Timeline

Publicly Published 2014-08-01 (about 5 years ago)
Added 2014-08-01 (about 5 years ago)
Last Updated 2018-08-29 (about 1 year ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin