Description
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
Remediation
References
Related Vulnerabilities
WordPress Plugin Better Search Replace Multiple Unspecified Vulnerabilities (1.0.3)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2853)
WordPress Plugin Feed Statistics Open Redirect (3.0)
PHP Other Vulnerability (CVE-2004-1020)
Drupal Improper Input Validation Vulnerability (CVE-2014-5019)