PT-2005-3048 · WordPress · Wordpress
James Bercegay · Published 2005-07-01 · Updated 2016-10-18 · CVE-2005-2109
CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
WordPress versions 1.5.1.2 and earlier
Description:
The issue allows remote attackers to modify the content of the forgotten password e-mail message. This is achieved by exploiting the message variable, which is not initialized before use, in the wp-login.php file.
Recommendations:
For WordPress versions 1.5.1.2 and earlier, as a temporary workaround, consider restricting access to the wp-login.php file until a patch is available. Avoid using the message variable in the forgotten password functionality to minimize the risk of exploitation.
Affected Products
Wordpress