FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- remote admin password reset vulnerability

Affected packages
wordpress < 2.8.4,1
de-wordpress < 2.8.4
wordpress-mu < 2.8.4a


VuXML ID 2430e9c3-8741-11de-938e-003048590f9e
Discovery 2009-08-10
Entry 2009-08-12
Modified 2010-05-02

WordPress reports:

A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.


CVE Name CVE-2009-2762