- WordPress is prone to a security bypass vulnerability because it fails to adequately restrict access to the password reset feature. An attacker can exploit this issue to reset the administrator password of the application. Repeated attacks may allow the attacker to cause persistent Denial of Service conditions. WordPress version 2.8.3 is vulnerable; prior versions may also be affected.
- Update to WordPress version 2.8.4 or the latest version.
- WordPress Plugin Admin Font Editor Cross-Site Scripting (1.8)
- WordPress Plugin Content Audit Blind SQL Injection (1.6)
- WordPress Plugin N-Media Post Front-end Form Arbitrary File Upload (1.0)
- WordPress Plugin Delete Comments By Status Multiple Cross-Site Scripting Vulnerabilities (1.5.2)
- WordPress Plugin Give-Democratizing Generosity Cross-Site Scripting (0.8)