Security News > 2017 > May > WordPress admins, take note: RCE and password reset vulnerabilities revealed (Help Net Security)
Independent security researcher Dawid Golunski has released a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 (CVE-2016-10033), and information about an unauthorized password reset zero-day vulnerability (CVE-2017-8295) in the latest version of the popular CMS. CVE-2016-10033 The vulnerability exists in the PHPMailer library, and can be exploited by unauthenticated remote attackers to gain access to and compromise an target application server on which a vulnerable WordPress Core version is installed … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/XAN4YMOlvYQ/
Related news
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Security plugin flaw in millions of WordPress sites gives admin access (source)
- Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-04 | CVE-2017-8295 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wordpress WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. | 5.9 |
2016-12-30 | CVE-2016-10033 | Argument Injection or Modification vulnerability in multiple products The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | 9.8 |