Description

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

Remediation

References

CVE-2014-9039

Related Vulnerabilities

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2068)

Oracle Database Server CVE-2014-6546 Vulnerability (CVE-2014-6546)

Oracle JRE CVE-2019-2949 Vulnerability (CVE-2019-2949)

WordPress Plugin WP Photo Album Plus Unspecified Vulnerability (7.2.04)

WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.1)

Severity

Medium

Classification

CVE-2014-9039

Tags

Missing Update Known Vulnerabilities