
wordpress: remote admin password reset

Package(s): wordpress
CVE #(s):
Created: August 12, 2009
Updated: August 12, 2009
Description:

From the advisory on full-disclosure:

A web browser is sufficient to reproduce this Proof of concept: http://DOMAIN_NAME.TLD/wp-login.php?action=rp&key[]= The password will be reset without any confirmation.

An attacker could exploit this vulnerability to compromise the admin account of any wordpress/wordpress-mu <= 2.8.3

Alerts:
Fedora FEDORA-2009-8487 wordpress 2009-08-11
Fedora FEDORA-2009-8468 wordpress 2009-08-11
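
Added example (not part of the advisory or of this entry): a Python check that flags access-log lines with the request shape quoted above, i.e. `wp-login.php` with `action=rp` and `key` supplied as an array parameter. The Combined Log Format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: logs are in Apache/nginx Combined Log Format.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
ARRAY_KEY_RE = re.compile(r"key\[[^\]]*\]")   # key[], key[0], key[x] ...

def is_array_key_reset(target, actions=("rp",)):
    """True if target is wp-login.php?action=rp with 'key' sent as an array.

    'actions' lists only the action named in the advisory; extend it if
    your WordPress version accepts other names for the same handler.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-login.php"):
        return False
    # parse_qsl percent-decodes names, so key%5B%5D= is seen as key[]
    params = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k == "action" and v in actions for k, v in params):
        return False
    return any(ARRAY_KEY_RE.fullmatch(k) for k, _ in params)

def scan(lines):
    """Return (client_ip, request_target) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_array_key_reset(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
TS = "[12/Aug/2009:10:01:02 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /wp-login.php?action=rp&key[]= HTTP/1.1" 200 1234',
    f'192.0.2.11 - - {TS} "GET /blog/wp-login.php?action=rp&key%5B%5D= HTTP/1.1" 302 0',
    f'198.51.100.7 - - {TS} "GET /wp-login.php?action=rp&key=Zx81kQw2 HTTP/1.1" 200 2100',
    f'198.51.100.8 - - {TS} "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 1800',
    f'198.51.100.9 - - {TS} "GET /index.php?key[]=1 HTTP/1.1" 200 1800',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"suspicious reset request from {ip}: {target}")
```

A reset link with an ordinary scalar `key=` value is not flagged; only the array form is. Requests that carry the parameters in a POST body do not appear in access logs and are outside what this check sees.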



Copyright © 2026, Eklektix, Inc.