Description

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

Remediation

References

CVE-2014-6412

Related Vulnerabilities

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24728)

Internet Information Services Other Vulnerability (CVE-2000-1147)

WordPress Plugin WordPress Custom Settings Cross-Site Scripting (1.0)

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Cross-Site Scripting (5.10.1)

WordPress Plugin Cookie Information-Free GDPR Consent Solution Privilege Escalation (1.4.2)

Severity

High

Classification

CVE-2014-6412 CWE-640 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities