
wordpress: multiple vulnerabilities

Package(s): wordpress
CVE #(s): CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039
Created: November 27, 2014
Updated: December 3, 2014
Description: From the Mageia advisory:

XSS in wptexturize() via comments or posts, exploitable for unauthenticated users (CVE-2014-9031).

XSS in media playlists (CVE-2014-9032).

CSRF in the password reset process (CVE-2014-9033).

Denial of service for giant passwords. The phpass library by Solar Designer was used in both projects without setting a maximum password length, which can lead to CPU exhaustion upon hashing (CVE-2014-9034).

XSS in Press This (CVE-2014-9035).

XSS in HTML filtering of CSS in posts (CVE-2014-9036).

Hash comparison vulnerability in old-style MD5-stored passwords (CVE-2014-9037).

SSRF: Safe HTTP requests did not sufficiently block the loopback IP address space (CVE-2014-9038).

Previously an email address change would not invalidate a previous password reset email (CVE-2014-9039).

Alerts:
Debian-LTS DLA-236-1 wordpress 2015-06-01
Fedora FEDORA-2014-15526 wordpress 2014-12-03
Fedora FEDORA-2014-15507 wordpress 2014-12-03
Debian DSA-3085-1 wordpress 2014-12-03
Mandriva MDVSA-2014:233 wordpress 2014-11-27
Mageia MGASA-2014-0493 wordpress 2014-11-26



Copyright © 2026, Eklektix, Inc.