FreeBSD : wordpress -- remote admin password reset vulnerability (2430e9c3-8741-11de-938e-003048590f9e)
High Nessus Plugin ID 40583
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionWordPress reports :
A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.
SolutionUpdate the affected packages.