VDB

GCVE-110-MAGEIA-2014-254

GCVE-110-MAGEIA-2014-254
Advisory Published
Vulnetix · Advisory published June 6, 2014
Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php (CVE-2014-0165). The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie (CVE-2014-0166). The wordpress package has been updated to version 3.9.1, fixing these and other issues.

Affected Products

VendorProductVersionsPlatforms
Mageiawordpress0 (affected), 3.9.1-1.mga4 (unaffected)
Mageiawordpress0 (affected), 3.9.1-1.mga3 (unaffected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›