Security News > 2017 > May > WordPress admins, take note: RCE and password reset vulnerabilities revealed (Help Net Security)

WordPress admins, take note: RCE and password reset vulnerabilities revealed (Help Net Security)
2017-05-04 18:59

Independent security researcher Dawid Golunski has released a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 (CVE-2016-10033), and information about an unauthorized password reset zero-day vulnerability (CVE-2017-8295) in the latest version of the popular CMS. CVE-2016-10033 The vulnerability exists in the PHPMailer library, and can be exploited by unauthenticated remote attackers to gain access to and compromise an target application server on which a vulnerable WordPress Core version is installed … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/XAN4YMOlvYQ/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-05-04 CVE-2017-8295 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wordpress
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server.
network
high complexity
wordpress CWE-640
5.9
2016-12-30 CVE-2016-10033 Argument Injection or Modification vulnerability in multiple products
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
network
low complexity
phpmailer-project wordpress joomla CWE-88
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157