7 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.7%
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
advisories.mageia.org/MGASA-2014-0493.html
openwall.com/lists/oss-security/2014/11/25/12
www.debian.org/security/2014/dsa-3085
www.mandriva.com/security/advisories?name=MDVSA-2014:233
www.securitytracker.com/id/1031243
wordpress.org/news/2014/11/wordpress-4-0-1/