Description

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

Remediation

References

CVE-2014-9037

Related Vulnerabilities

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0734)

Envoy Proxy Use After Free Vulnerability (CVE-2021-43825)

XWiki Other Vulnerability (CVE-2023-29507)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1318)

WordPress Plugin Job Manager Cross-Site Scripting (0.7.22)

Severity

Medium

Classification

CVE-2014-9037

Tags

Missing Update Known Vulnerabilities