Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

WordPress < 2.8.4 Security Bypass Vulnerability

Medium

Synopsis

The remote host is affected by a security bypass vulnerability.

Description

The remote host is running a version of WordPress earlier than 2.8.4. Such versions are potentially affected by a flaw in the 'reset_password()' function of the 'wp-login.php' script which allows an attacker to reset the password for the first account without a key in the database (usually the admin account).

Solution

Upgrade to WordPress 2.8.4, or later.