Description
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
Remediation
References
Related Vulnerabilities
WordPress Plugin Widget Settings Importer/Exporter Cross-Site Scripting (1.5.3)
Python Uncontrolled Resource Consumption Vulnerability (CVE-2025-13837)
WordPress Plugin Admin renamer extended Cross-Site Request Forgery (3.2.1)
Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6)
WordPress Plugin WooCommerce Catalog Enquiry Arbitrary File Upload (3.0.0)