Description
WordPress is prone to a security bypass vulnerability because it fails to adequately restrict access to the password reset feature. An attacker can exploit this issue to reset the administrator password of the application. Repeated attacks may allow the attacker to cause persistent Denial of Service conditions. WordPress version 2.8.3 is vulnerable; prior versions may also be affected.
Remediation
Update to WordPress version 2.8.4 or latest
References
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0114.html
http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html
http://packetstormsecurity.org/files/view/80258/wordpress-adminreset.txt
Related Vulnerabilities
Joomla! Core 3.9.x Remote Code Execution (3.9.7 - 3.9.8)
WordPress Plugin DethemeKit For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.5.5.4)
WordPress Plugin VideoWhisper Video Presentation Arbitrary File Upload (3.31.17)
Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.9.4)
WordPress Plugin Captcha by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (4.1.5)