Summary
The host is running WordPress and is prone to a security bypass vulnerability.
Impact
Attackers can exploit this issue to bypass security restrictions and change the administrative password.
Impact Level: Application
Solution
Update to version 2.8.4.
http://wordpress.org/download/
Insight
The flaw is due to an error in the password reset mechanism of the wp-login.php script, which can be exploited by passing an array variable in a resetpass (aka rp) action.
Affected
WordPress versions prior to 2.8.4 on all platforms.
Severity
Classification
CVE: CVE-2009-2762
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P