What is CVE-2014-9039?

CVE-2014-9039 is a vulnerability in Mageia_project Mageia, classified under CWE-254. Published 2014-11-25.

Is CVE-2014-9039 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mageia_project Mageia

CVE-2014-9039

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

EPSS: 0.017 (82.5th percentile) — read the EPSS interpretation.

Affected products

Mageia_project Mageia — versions 3, 4
Wordpress — versions 3.8, 3.8.1, 3.8.2
Debian Debian_linux — versions 7.0, 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-254

Public proof-of-concept exploits

20142995/nuclei-templates

References

DSA-3085 (vendor-advisory, x_refsource_DEBIAN)
[oss-security] 20141125 Re: WordPress 4.0.1 Security Release (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
1031243 (vdb-entry, x_refsource_SECTRACK)
MDVSA-2014:233 (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2014-9039?: CVE-2014-9039 is a vulnerability in Mageia_project Mageia, classified under CWE-254. Published 2014-11-25.
Is CVE-2014-9039 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.