CVE-2014-9038 | SynScan

Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2014-9038

wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.

Published: Nov 26, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-9038
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
WordPress / wordpress	3.8.3	3.8.3.x
WordPress / wordpress	3.9.2	3.9.2.x
WordPress / wordpress	3.8.2	3.8.2.x
WordPress / wordpress	4.0	4.0.x
WordPress / wordpress	3.8	3.8.x
WordPress / wordpress	3.8.1	3.8.1.x
WordPress / wordpress	3.9.1	3.9.1.x
WordPress / wordpress	3.8.4	3.8.4.x
WordPress / wordpress	-	3.7.4.x
WordPress / wordpress	3.9	3.9.x