CVE-2005-2109

Name of the Vulnerable Software and Affected Versions: WordPress versions 1.5.1.2 and earlier

Description: The issue allows remote attackers to modify the content of the forgotten password e-mail message. This is achieved by exploiting the message variable, which is not initialized before use, in the wp-login.php file.

Recommendations: For WordPress versions 1.5.1.2 and earlier, as a temporary workaround, consider restricting access to the wp-login.php file until a patch is available. Avoid using the message variable in the forgotten password functionality to minimize the risk of exploitation.