Release Date | Sep 15, 2009 |
Severity | High |
Impact | Security Bypass: Remote attackers can bypass security checking of vulnerable systems. |
Description | This indicates an attack attempt against a security-bypass vulnerability in WordPress. The vulnerability is due to the software's failure to properly restrict access to its password-resetting features. A remote attacker may exploit this to reset the password of the administrator account in WordPress. |
Affected Products | WordPress version 2.8.3; prior versions may also be affected. |
Recommended Actions | Upgrade to version 2.8.4. |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2009-2762 |
References | http://milw0rm.org/exploits/9410, http://www.securityfocus.com/bid/36014 (BugTraq) |