wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-236-1 | wordpress security update |
![]() |
DSA-3085-1 | wordpress security update |
![]() |
EUVD-2014-8867 | wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T13:33:13.527Z
Reserved: 2014-11-20T00:00:00
Link: CVE-2014-9039

No data.

Status : Deferred
Published: 2014-11-25T23:59:10.443
Modified: 2025-04-12T10:46:40.837
Link: CVE-2014-9039

No data.

No data.