icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

WordPress < 2.8.4 Security Bypass Vulnerability

Medium

Synopsis

The remote host is affected by a security bypass vulnerability.

Description

The remote host is running a version of WordPress earlier than 2.8.4. Such versions are potentially affected by a flaw in the 'reset_password()' function of the 'wp-login.php' script which allows an attacker to reset the password for the first account without a key in the database (usually the admin account).

Solution

Upgrade to WordPress 2.8.4, or later.