A vulnerability has been discovered in the WordPress content management system (CMS) that could allow for security bypass. WordPress is an open source content management system for websites. Successful exploitation of this vulnerability could allow attackers to reset an administrative password for a website running the affected versions of WordPress.
- WordPress versions 4.7.4 and earlier
A vulnerability has been discovered in WordPress which could result in the unauthorized reset of an administrative account. This vulnerability exists because WordPress relies on the Host HTTP header for a password reset email and fails to properly validate the server name. An attacker can exploit this issue by modifying the host name in a specially crafted HTTP POST to the affected website. This will cause the password reset email to be sent to an attacker-controlled email address, allowing the attacker access to the password reset link. While the owner of the targeted account will also receive the reset email, providing indication of a potential compromise, the attacker will gain access for an indeterminate length of time. (CVE-2017-8295)
Successful exploitation of this vulnerability could allow attackers to reset an administrative password for a website running WordPress.
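Added example (not part of the original advisory): one way to review web server logs for password reset requests that arrived with a Host header the site does not own, which is the condition this vulnerability depends on. It assumes an Apache log format that records the request's Host header first (`%{Host}i %h %l %u %t "%r" %>s %b`); the allowlisted hostnames, function names and sample lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hostnames this site legitimately answers to (placeholders).
ALLOWED_HOSTS = {"blog.example.org", "www.blog.example.org"}

# Assumed Apache LogFormat: "%{Host}i %h %l %u %t \"%r\" %>s %b"
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

def normalize_host(raw):
    """Lower-case the Host value; drop any port and trailing dot."""
    host = raw.strip().lower()
    if not host.startswith("["):        # leave IPv6 literals untouched
        host = host.split(":", 1)[0]
    return host.rstrip(".")

def is_reset_request(method, target):
    """True for a POST to wp-login.php with action=lostpassword."""
    parts = urlsplit(target)
    if method != "POST" or not parts.path.endswith("/wp-login.php"):
        return False
    return "lostpassword" in parse_qs(parts.query).get("action", [])

def suspicious_resets(lines, allowed=ALLOWED_HOSTS):
    """Return (time, client, host) for reset POSTs with an unexpected Host."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_reset_request(m["method"], m["target"]):
            continue
        if normalize_host(m["host"]) not in allowed:
            hits.append((m["time"], m["client"], m["host"]))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    'blog.example.org 198.51.100.7 - - [04/May/2017:10:01:12 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0',
    'unexpected.example.net 203.0.113.9 - - [04/May/2017:10:02:40 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0',
    'BLOG.EXAMPLE.ORG:443 198.51.100.7 - - [04/May/2017:10:03:05 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0',
    'unexpected.example.net 203.0.113.9 - - [04/May/2017:10:04:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2731',
]

if __name__ == "__main__":
    for hit in suspicious_resets(SAMPLE):
        print("reset request with unexpected Host:", hit)
```

A hit only shows that a reset was requested under an unexpected host name; correlate it with the account owner's report of an unrequested reset email before treating it as a compromise.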
- After appropriate testing, update WordPress CMS to the latest version once a patch has been released.
- Ensure no unauthorized system changes have occurred before applying patches.
- Review and follow WordPress hardening guidelines - http://codex.wordpress.org/Hardening_WordPress.