Description
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Remediation
References
Related Vulnerabilities
WordPress Plugin myGallery Remote File Include (1.4b4)
WordPress Plugin WP Photo Album Plus 'wppa-album' Parameter SQL Injection (4.1.1)
WordPress Plugin Asset CleanUp:Page Speed Booster Cross-Site Scripting (1.3.6.7)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1829)