DSA-2901-1 wordpress -- wordpressID: oval:org.secpod.oval:def:601262 | Date: (C)2014-07-25 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0165 A user with a contributor role, using a specially crafted request, can publish posts, which is reserved for users of the next-higher role. CVE-2014-0166 Jon Cave of the WordPress security team discovered that the wp_validate_auth_cookie function in wp-includes/pluggable.php does not properly determine the validity of authentication cookies, allowing a remote attacker to obtain access via a forged cookie.
Platform: |
Debian 7.0 |
Debian 6.0 |