- WordPress is prone to a security bypass vulnerability because it fails to adequately restrict access to the password reset feature. An attacker can exploit this issue to reset the administrator password of the application. Repeated attacks may allow the attacker to cause persistent Denial of Service conditions. WordPress version 2.8.3 is vulnerable; prior versions may also be affected.
- Update to WordPress version 2.8.4 or the latest version.
- WordPress Plugin Search 10 times faster with Elasticsearch or Apache Solr with lots of data-WPSOLR Cross-Site Scripting (8.6)
- WordPress Plugin WordPress Backup and Migrate-BackupGuard Arbitrary File Upload (1.0.2)
- WordPress Plugin 3D Banner Rotator 'upload.php' Arbitrary File Upload (2.1)
- WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Cross-Site Scripting (5.1.2)
- WordPress Plugin Ultimate Member-User Profile & Membership Security Bypass (1.3.52)