VDB
CVE-2014-9033
CVE-2014-9033
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.
EPSS 0.80% · 74.5th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
0.80%
74.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wordpress | wordpress | 3.7.4, 3.8.4, 3.9.2 |
| n/a | n/a | n/a |
Timeline
- Nov 25, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
References
- https://wordpress.org/news/2014/11/wordpress-4-0-1/ advisory
- DSA-3085 vendor-advisory
- http://core.trac.wordpress.org/changeset/30418 url
- [oss-security] 20141125 Re: WordPress 4.0.1 Security Release mailing-list
- http://advisories.mageia.org/MGASA-2014-0493.html url
- 1031243 vdb
- MDVSA-2014:233 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-9033 advisory
- https://wordpress.org/news/2014/11/wordpress-4-0-1 url