CVE-2014-9037

Published: 25 November 2014

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

Priority

Medium

Status

Package Release Status
wordpress
Launchpad, Ubuntu, Debian
Upstream
Released (4.0.1+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.0.1+dfsg-1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.0.1+dfsg-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)