Description
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Remediation
References
Related Vulnerabilities
Nginx Off-by-one Error Vulnerability (CVE-2021-23017)
Java Unspesificed Vulnerability (CVE-2019-2818)
WordPress Plugin All Post Contact Form Arbitrary File Upload (1.1.4)
MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26149)
Internet Information Services Other Vulnerability (CVE-2001-0151)