Vulnerability CVE-2014-6412


Published: 2018-04-12   Modified: 2018-04-15

Description:
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

Type: CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)

Vendor: WordPress
Product: WordPress
Version:
4.3.0
4.2.3
4.2.2
4.2.1
4.2
4.1.1
4.1
4.0.1
4.0
3.9.3
3.9.2
3.9.1
3.9.0
3.9
3.8.4
3.8.3
3.8.2
3.8.1
3.8
3.7.5
3.7.4
3.7.1
3.7
3.6.1
3.6
3.5.1
3.5.0
3.4.2
3.4.1
3.4.0
3.3.3
3.3.2
3.3.1
3.3
3.2.1
3.2
3.1.4
3.1.3
3.1.2
3.1.1
3.1
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.1
3.0
2.9.2
2.9.1.1
2.9.1
2.9
2.8.6
2.8.5.2
2.8.5.1
2.8.5
2.8.4
2.8.3
2.8.2
2.8.1
2.8
2.7.1
2.7
2.6.5
2.6.3
2.6.2
2.6.1
2.6
2.5.1
2.5
2.3.3
2.3.2
2.3.1
2.3
2.2.3
2.2.2
2.2.1
2.2
2.1.3
2.1.2
2.1.1
2.1
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.2
2.0.11
2.0.10
2.0.1
2.0
1.6.2
1.5.2
1.5.1.3
1.5.1.2
1.5.1.1
1.5.1
1.5
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

 References:
http://packetstormsecurity.com/files/130380/WordPress-Failed-Randomness.html
http://seclists.org/fulldisclosure/2015/Feb/42
http://seclists.org/fulldisclosure/2015/Feb/53
http://www.securityfocus.com/bid/72589
http://www.securitytracker.com/id/1031749
https://bugzilla.redhat.com/show_bug.cgi?id=1192474
https://core.trac.wordpress.org/ticket/28633

Related CVE
CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.
CVE-2019-9787
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elem...
CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filen...
CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can exe...
CVE-2018-20153
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
CVE-2018-20152
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
CVE-2018-20151
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the p...
CVE-2018-20150
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

Copyright 2019, cxsecurity.com

 
