wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-11-25T23:00:00
Updated: 2024-08-06T13:33:13.527Z
Reserved: 2014-11-20T00:00:00
Link: CVE-2014-9039
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-11-25T23:59:10.443
Modified: 2016-06-30T17:06:17.933
Link: CVE-2014-9039
Redhat
No data.