CVE-2014-9037
EPSS 2.6%
Description
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
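The comparison flaw named in the description, as an added PHP example (not WordPress source; the function names and digest strings are constructed for illustration). Two different digest-shaped strings compare equal under `==` because PHP reads both as the float zero, while `hash_equals()` compares them byte for byte; the last helper is a hypothetical audit check for stored digests of that shape.

```php
<?php
// Added illustration, not code from WordPress. All digest values below are
// constructed strings shaped like MD5 output, not hashes of real passwords.

// Loose comparison: when both operands are numeric strings, `==` compares
// them as numbers, so "0e<digits>" is evaluated as 0 * 10^N on each side.
function digests_match_loose(string $stored, string $computed): bool
{
    return $stored == $computed;
}

// Hardened comparison: byte-for-byte and timing-safe, no numeric conversion.
function digests_match_strict(string $stored, string $computed): bool
{
    return hash_equals($stored, $computed);
}

// Hypothetical audit helper: flags a stored 32-character digest that PHP
// would treat as a number in scientific notation with a zero mantissa.
function digest_is_juggle_prone(string $digest): bool
{
    return strlen($digest) === 32 && preg_match('/^0+e[0-9]+$/', $digest) === 1;
}

// Constructed sample digests (32 characters each).
$storedNumeric   = '0e' . str_repeat('1', 30);
$computedNumeric = '0e' . str_repeat('2', 30);
$storedHex       = str_repeat('ab', 16);
$computedHex     = str_repeat('cd', 16);

$cases = [
    'numeric-looking, different' => [$storedNumeric, $computedNumeric],
    'ordinary hex, different'    => [$storedHex, $computedHex],
    'ordinary hex, identical'    => [$storedHex, $storedHex],
];

foreach ($cases as $label => [$stored, $computed]) {
    printf(
        "%-28s loose=%s strict=%s juggle_prone=%s\n",
        $label,
        var_export(digests_match_loose($stored, $computed), true),
        var_export(digests_match_strict($stored, $computed), true),
        var_export(digest_is_juggle_prone($stored), true)
    );
}
```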
How to fix CVE-2014-9037
To remediate CVE-2014-9037, upgrade the affected package to the fixed version listed below.
- Debian/wordpress: upgrade to 4.0.1+dfsg-1 or later
Is CVE-2014-9037 being exploited?
Low — EPSS is 2.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.0.1+dfsg-1