Description
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Remediation
References