CVE-2014-0166

Description

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.

How to fix CVE-2014-0166

To remediate CVE-2014-0166, upgrade the affected package to a fixed version below.

• Debian/wordpress—upgrade to 3.8.2+dfsg-1 or later

Is CVE-2014-0166 being exploited?

Moderate — EPSS is 35.3%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 3.8.2+dfsg-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-0166