A Vulnerability in WordPress Content Management System Could Allow for Security Bypass

ITS Advisory Number: 2017-045
Date(s) Issued: Monday, May 8, 2017
Subject: A Vulnerability in WordPress Content Management System Could Allow for Security Bypass
Overview: 

A vulnerability has been discovered in the WordPress content management system (CMS) which could allow for security bypass. WordPress is an open source content management system for websites. Successful exploitation of this vulnerability could allow attackers to reset an administrative password for a website running the affected versions of WordPress.

Systems Affected: 
  • WordPress versions 4.7.4 and earlier
Risk:
Government:
  • Large and medium government entities: High
  • Small government entities: Medium
Business:
  • Large and medium business entities: High
  • Small business entities: Medium
Home Users: Low
Description: 

A vulnerability has been discovered in WordPress which could result in the unauthorized reset of an administrative account's password. The vulnerability exists because WordPress relies on the HTTP Host header of the request when sending the password reset email and fails to properly validate the server name. An attacker can exploit this issue by modifying the Host header in a specially crafted HTTP POST to the affected website. This causes the password reset email to be sent to an attacker-controlled email address, giving the attacker access to the password reset link. While the owner of the targeted account will also receive the reset email, providing an indication of a potential compromise, the attacker will gain access for an indeterminate length of time. (CVE-2017-8295)

Successful exploitation of this vulnerability could allow attackers to reset an administrative password for a website running WordPress.

Actions: 
  • After appropriate testing, update WordPress CMS to the latest version once a patch has been released.
  • Ensure no unauthorized system changes have occurred before applying patches.
  • Review and follow WordPress hardening guidelines - http://codex.wordpress.org/Hardening_WordPress.
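The following is an added example of an interim hardening measure and is not code from WordPress or from this advisory: a must-use plugin that pins the sender address of outgoing mail to the site's configured host and rejects requests whose Host header does not match it, so a forged Host header cannot influence where the reset email goes. It assumes a single-site install, that the file is placed in wp-content/mu-plugins/, and that the optional PINNED_MAIL_HOST constant (a hypothetical name) may be defined by the operator in wp-config.php.

```php
<?php
/*
Plugin Name: Pin outgoing mail host (hardening example)
Description: Added example, not WordPress core code. Place in wp-content/mu-plugins/.
*/

// Host that outgoing mail is sent from. Assumption: the operator may define
// PINNED_MAIL_HOST (a hypothetical constant) in wp-config.php; otherwise the
// host part of the configured site URL is used. The request is never consulted.
function ex_pinned_mail_host() {
    if ( defined( 'PINNED_MAIL_HOST' ) && PINNED_MAIL_HOST !== '' ) {
        return strtolower( PINNED_MAIL_HOST );
    }
    $host = parse_url( home_url(), PHP_URL_HOST );
    return $host ? strtolower( $host ) : 'localhost';
}

// Host named by the request, lower-cased and without any :port suffix.
function ex_request_host() {
    $host = isset( $_SERVER['HTTP_HOST'] ) ? (string) $_SERVER['HTTP_HOST'] : '';
    return strtolower( preg_replace( '/:\d+$/', '', $host ) );
}

// Force the From: address (and therefore the Return-Path PHPMailer derives
// from it) to the pinned host, so the request's Host header cannot change
// the sender of a password reset mail.
add_filter( 'wp_mail_from', function ( $from ) {
    return 'wordpress@' . ex_pinned_mail_host();
}, PHP_INT_MAX );

// Reject requests whose Host header does not match the configured site host.
// Skipped on the command line (WP-CLI, cron), where there is no HTTP request.
add_action( 'init', function () {
    if ( PHP_SAPI === 'cli' ) {
        return;
    }
    if ( ex_request_host() !== ex_pinned_mail_host() ) {
        status_header( 400 );
        exit;
    }
}, 0 );
```

The Host check is a stopgap until the patched WordPress version is installed; on sites served under several hostnames, extend the comparison to an allow-list rather than a single pinned host.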