| Name | Wordpress.Unauthenticated.Administrator.Password.Reset |
| Release Date | Sep 15, 2009 |
| Severity | High |
| Impact | Security Bypass: Remote attackers can bypass security checks on vulnerable systems. |
| Description | This indicates an attack attempt against a security-bypass vulnerability in WordPress. The vulnerability is due to the software's failure to properly restrict access to its password-reset feature. A remote attacker may exploit this to reset the password of the administrator account in WordPress. |
| Affected Products | WordPress version 2.8.3; prior versions may also be affected. |
| Recommended Actions | Upgrade to version 2.8.4. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2762 |
| Reference/s | http://www.securityfocus.com/bid/36014 (BugTraq); http://milw0rm.org/exploits/9410 |