CVE-2014-0166
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.3159 (31.6%)
Percentil: 96.8%
EPSS: 2026-05-06
Afecta
wordpress:wordpressDescripción técnica
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.
Publicada: 10/4/2014, 0:55:09
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://codex.wordpress.org/Version_3.7.2
- http://codex.wordpress.org/Version_3.8.2
- http://core.trac.wordpress.org/changeset/28054
- http://www.debian.org/security/2014/dsa-2901
- https://bugzilla.redhat.com/show_bug.cgi?id=1085858
- http://codex.wordpress.org/Version_3.7.2
- http://codex.wordpress.org/Version_3.8.2
- http://core.trac.wordpress.org/changeset/28054