CVE-2014-0166

描述

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.

受影響套件(1)

• Debian/wordpressfrom 0, < 3.8.2+dfsg-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0166