{"id":"MGASA-2014-0254","summary":"Updated wordpress package fixes multiple vulnerabilities","details":"Updated wordpress package fixes security vulnerabilities:\n\nWordPress before 3.7.2 allows remote authenticated users to publish posts\nby leveraging the Contributor role, related to wp-admin/includes/post.php\nand wp-admin/includes/class-wp-posts-list-table.php (CVE-2014-0165).\n\nThe wp_validate_auth_cookie function in wp-includes/pluggable.php in\nWordPress before 3.7.2 does not properly determine the validity of\nauthentication cookies, which makes it easier for remote attackers to\nobtain access via a forged cookie (CVE-2014-0166).\n\nThe wordpress package has been updated to version 3.9.1, fixing these and\nother issues.\n","modified":"2026-04-16T06:24:04.106905846Z","published":"2014-06-06T10:27:48Z","upstream":["CVE-2014-0165","CVE-2014-0166"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0254.html"},{"type":"ADVISORY","url":"http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:103/"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13184"}],"affected":[{"package":{"name":"wordpress","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/wordpress?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9.1-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0254.json"}},{"package":{"name":"wordpress","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/wordpress?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9.1-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0254.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}