漏洞类别:CGI
漏洞等级: 
漏洞信息
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system.
The WordPress password reset functionality contains a vulnerability which could potentially allow remote, unauthenticated attackers to get hold of the password reset link without previous authentication.
Affected Versions:
WordPress prior to 4.7.4
QID Detection Logic:
This QID depends on BlindElephant engine to detect the version of WordPress installation as active attacks could potentially harm live installations.
漏洞危害
Successful exploitation allows an unauthenticated, remote attacker to gain unauthorized access to a targeted users WordPress account.
解决方案
N/A Workaround:
Customers are advised to enable the UseCanonicalName feature to enforce static SERVER_NAME value.
0day
文章评论