WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated

Description

When a user requested a password reset link, but did not use it and instead reset their password by logging in, the password reset link would still be usable.

This could give an attacker a larger attack window to obtain the password reset link. However, the attacker must first have access to the user's email account, which if this was the case, the attacker could just request another password reset link anyway.

Due to this, this vulnerability is a low risk and is unlikely to be exploited in the wild.

Affects WordPress

5.4
Fixed in version 5.4.1
5.3.2
Fixed in version 5.3.3
5.3.1
Fixed in version 5.3.3
5.3
Fixed in version 5.3.3
5.2.5
Fixed in version 5.2.6
5.2.4
Fixed in version 5.2.6
5.2.3
Fixed in version 5.2.6
5.2.2
Fixed in version 5.2.6
5.2.1
Fixed in version 5.2.6
5.2
Fixed in version 5.2.6

References

CVE
CVE-2020-11027
URL
https://wordpress.org/news/2020/04/wordpress-5-4-1/
URL
https://core.trac.wordpress.org/changeset/47634/
URL
https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
URL
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw

Classification

Type

BYPASS

Miscellaneous

Original Researcher

Muaz Bin Abdus Sattar & Jannes

Submitter

Ryan

Verified

No

WPVDB ID
7db191c0-d112-4f08-a419-a1cd81928c4e

Timeline

Publicly Published

2020-04-29 (about 2 years ago)

Added

2020-04-30 (about 2 years ago)

Last Updated

2020-05-02 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin