Vulnerabilities

CVE-2014-9039

by Fred · 25/11/2014

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

Date published : 2014-11-25

http://advisories.mageia.org/MGASA-2014-0493.html

http://core.trac.wordpress.org/changeset/30431

Related

Tags: Cybersecurity Alert