{"id":"MGASA-2014-0493","summary":"Updated wordpress package fixes security vulnerabilities","details":"XSS in wptexturize() via comments or posts, exploitable for unauthenticated users (CVE-2014-9031).\n\nXSS in media playlists (CVE-2014-9032).\n\nCSRF in the password reset process (CVE-2014-9033).\n\nDenial of service for giant passwords. The phpass library by Solar Designer\nwas used in both projects without setting a maximum password length, which\ncan lead to CPU exhaustion upon hashing (CVE-2014-9034).\n\nXSS in Press This (CVE-2014-9035).\n\nXSS in HTML filtering of CSS in posts (CVE-2014-9036).\n\nHash comparison vulnerability in old-style MD5-stored passwords\n(CVE-2014-9037).\n\nSSRF: Safe HTTP requests did not sufficiently block the loopback IP address\nspace (CVE-2014-9038).\n\nPreviously an email address change would not invalidate a previous password\nreset email (CVE-2014-9039).\n","modified":"2026-04-16T01:47:37.286949675Z","published":"2014-11-26T17:29:06Z","upstream":["CVE-2014-9031","CVE-2014-9032","CVE-2014-9033","CVE-2014-9034","CVE-2014-9035","CVE-2014-9036","CVE-2014-9037","CVE-2014-9038","CVE-2014-9039"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0493.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14625"},{"type":"WEB","url":"https://wordpress.org/news/2014/11/wordpress-4-0-1/"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2014/11/25/12"}],"affected":[{"package":{"name":"wordpress","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/wordpress?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9.3-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0493.json"}},{"package":{"name":"wordpress","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/wordpress?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0493.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}