WordPress < 5.4.1 – Password Reset Tokens Failed to Be Properly Invalidated | CVE 2020-11027

Description

When a user requested a password reset link, but did not use it and instead reset their password by logging in, the password reset link would still be usable.

This could give an attacker a larger attack window to obtain the password reset link. However, the attacker must first have access to the user's email account, which if this was the case, the attacker could just request another password reset link anyway.

Due to this, this vulnerability is a low risk and is unlikely to be exploited in the wild.

Affects WordPress

5.4

Fixed in WordPress 5.4.1

5.3.2

Fixed in WordPress 5.3.3

5.3.1

Fixed in WordPress 5.3.3

5.3

Fixed in WordPress 5.3.3

5.2.5

Fixed in WordPress 5.2.6

5.2.4

Fixed in WordPress 5.2.6

5.2.3

Fixed in WordPress 5.2.6

5.2.2

Fixed in WordPress 5.2.6

5.2.1

Fixed in WordPress 5.2.6

5.2

Fixed in WordPress 5.2.6

5.1.4

Fixed in WordPress 5.1.5

5.1.3

Fixed in WordPress 5.1.5

5.1.2

Fixed in WordPress 5.1.5

5.1.1

Fixed in WordPress 5.1.5

5.1

Fixed in WordPress 5.1.5

5.0.8

Fixed in WordPress 5.0.9

5.0.7

Fixed in WordPress 5.0.9

5.0.6

Fixed in WordPress 5.0.9

5.0.4

Fixed in WordPress 5.0.9

5.0.3

Fixed in WordPress 5.0.9

5.0.2

Fixed in WordPress 5.0.9

5.0.1

Fixed in WordPress 5.0.9

5.0

Fixed in WordPress 5.0.9

4.9.9

Fixed in WordPress 4.9.14

4.9.8

Fixed in WordPress 4.9.14

4.9.7

Fixed in WordPress 4.9.14

4.9.6

Fixed in WordPress 4.9.14

4.9.5

Fixed in WordPress 4.9.14

4.9.4

Fixed in WordPress 4.9.14

4.9.3

Fixed in WordPress 4.9.14

4.9.2

Fixed in WordPress 4.9.14

4.9.13

Fixed in WordPress 4.9.14

4.9.12

Fixed in WordPress 4.9.14

4.9.11

Fixed in WordPress 4.9.14

4.9.10

Fixed in WordPress 4.9.14

4.9.1

Fixed in WordPress 4.9.14

4.9

Fixed in WordPress 4.9.14

4.8.9

Fixed in WordPress 4.8.13

4.8.8

Fixed in WordPress 4.8.13

4.8.7

Fixed in WordPress 4.8.13

4.8.6

Fixed in WordPress 4.8.13

4.8.5

Fixed in WordPress 4.8.13

4.8.4

Fixed in WordPress 4.8.13

4.8.3

Fixed in WordPress 4.8.13

4.8.2

Fixed in WordPress 4.8.13

4.8.12

Fixed in WordPress 4.8.13

4.8.11

Fixed in WordPress 4.8.13

4.8.10

Fixed in WordPress 4.8.13

4.8.1

Fixed in WordPress 4.8.13

4.8

Fixed in WordPress 4.8.13

4.7.9

Fixed in WordPress 4.7.17

4.7.8

Fixed in WordPress 4.7.17

4.7.7

Fixed in WordPress 4.7.17

4.7.6

Fixed in WordPress 4.7.17

4.7.5

Fixed in WordPress 4.7.17

4.7.4

Fixed in WordPress 4.7.17

4.7.3

Fixed in WordPress 4.7.17

4.7.2

Fixed in WordPress 4.7.17

4.7.16

Fixed in WordPress 4.7.17

4.7.15

Fixed in WordPress 4.7.17

4.7.14

Fixed in WordPress 4.7.17

4.7.13

Fixed in WordPress 4.7.17

4.7.12

Fixed in WordPress 4.7.17

4.7.11

Fixed in WordPress 4.7.17

4.7.10

Fixed in WordPress 4.7.17

4.7.1

Fixed in WordPress 4.7.17

4.7

Fixed in WordPress 4.7.17

4.6.9

Fixed in WordPress 4.6.18

4.6.8

Fixed in WordPress 4.6.18

4.6.7

Fixed in WordPress 4.6.18

4.6.6

Fixed in WordPress 4.6.18

4.6.5

Fixed in WordPress 4.6.18

4.6.4

Fixed in WordPress 4.6.18

4.6.3

Fixed in WordPress 4.6.18

4.6.2

Fixed in WordPress 4.6.18

4.6.17

Fixed in WordPress 4.6.18

4.6.16

Fixed in WordPress 4.6.18

4.6.15

Fixed in WordPress 4.6.18

4.6.14

Fixed in WordPress 4.6.18

4.6.13

Fixed in WordPress 4.6.18

4.6.12

Fixed in WordPress 4.6.18

4.6.11

Fixed in WordPress 4.6.18

4.6.10

Fixed in WordPress 4.6.18

4.6.1

Fixed in WordPress 4.6.18

4.6

Fixed in WordPress 4.6.18

4.5.9

Fixed in WordPress 4.5.21

4.5.8

Fixed in WordPress 4.5.21

4.5.7

Fixed in WordPress 4.5.21

4.5.6

Fixed in WordPress 4.5.21

4.5.5

Fixed in WordPress 4.5.21

4.5.4

Fixed in WordPress 4.5.21

4.5.3

Fixed in WordPress 4.5.21

4.5.20

Fixed in WordPress 4.5.21

4.5.2

Fixed in WordPress 4.5.21

4.5.19

Fixed in WordPress 4.5.21

4.5.18

Fixed in WordPress 4.5.21

4.5.17

Fixed in WordPress 4.5.21

4.5.16

Fixed in WordPress 4.5.21

4.5.15

Fixed in WordPress 4.5.21

4.5.14

Fixed in WordPress 4.5.21

4.5.13

Fixed in WordPress 4.5.21

4.5.12

Fixed in WordPress 4.5.21

4.5.11

Fixed in WordPress 4.5.21

4.5.10

Fixed in WordPress 4.5.21

4.5.1

Fixed in WordPress 4.5.21

4.5

Fixed in WordPress 4.5.21

4.4.9

Fixed in WordPress 4.4.22

4.4.8

Fixed in WordPress 4.4.22

4.4.7

Fixed in WordPress 4.4.22

4.4.6

Fixed in WordPress 4.4.22

4.4.5

Fixed in WordPress 4.4.22

4.4.4

Fixed in WordPress 4.4.22

4.4.3

Fixed in WordPress 4.4.22

4.4.21

Fixed in WordPress 4.4.22

4.4.20

Fixed in WordPress 4.4.22

4.4.2

Fixed in WordPress 4.4.22

4.4.19

Fixed in WordPress 4.4.22

4.4.18

Fixed in WordPress 4.4.22

4.4.17

Fixed in WordPress 4.4.22

4.4.16

Fixed in WordPress 4.4.22

4.4.15

Fixed in WordPress 4.4.22

4.4.14

Fixed in WordPress 4.4.22

4.4.13

Fixed in WordPress 4.4.22

4.4.12

Fixed in WordPress 4.4.22

4.4.11

Fixed in WordPress 4.4.22

4.4.10

Fixed in WordPress 4.4.22

4.4.1

Fixed in WordPress 4.4.22

4.4

Fixed in WordPress 4.4.22

4.3.9

Fixed in WordPress 4.3.23

4.3.8

Fixed in WordPress 4.3.23

4.3.7

Fixed in WordPress 4.3.23

4.3.6

Fixed in WordPress 4.3.23

4.3.5

Fixed in WordPress 4.3.23

4.3.4

Fixed in WordPress 4.3.23

4.3.3

Fixed in WordPress 4.3.23

4.3.22

Fixed in WordPress 4.3.23

4.3.21

Fixed in WordPress 4.3.23

4.3.20

Fixed in WordPress 4.3.23

4.3.2

Fixed in WordPress 4.3.23

4.3.19

Fixed in WordPress 4.3.23

4.3.18

Fixed in WordPress 4.3.23

4.3.17

Fixed in WordPress 4.3.23

4.3.16

Fixed in WordPress 4.3.23

4.3.15

Fixed in WordPress 4.3.23

4.3.14

Fixed in WordPress 4.3.23

4.3.13

Fixed in WordPress 4.3.23

4.3.12

Fixed in WordPress 4.3.23

4.3.11

Fixed in WordPress 4.3.23

4.3.10

Fixed in WordPress 4.3.23

4.3.1

Fixed in WordPress 4.3.23

4.3

Fixed in WordPress 4.3.23

4.2.9

Fixed in WordPress 4.2.27

4.2.8

Fixed in WordPress 4.2.27

4.2.7

Fixed in WordPress 4.2.27

4.2.6

Fixed in WordPress 4.2.27

4.2.5

Fixed in WordPress 4.2.27

4.2.4

Fixed in WordPress 4.2.27

4.2.3

Fixed in WordPress 4.2.27

4.2.26

Fixed in WordPress 4.2.27

4.2.25

Fixed in WordPress 4.2.27

4.2.24

Fixed in WordPress 4.2.27

4.2.23

Fixed in WordPress 4.2.27

4.2.22

Fixed in WordPress 4.2.27

4.2.21

Fixed in WordPress 4.2.27

4.2.20

Fixed in WordPress 4.2.27

4.2.2

Fixed in WordPress 4.2.27

4.2.19

Fixed in WordPress 4.2.27

4.2.18

Fixed in WordPress 4.2.27

4.2.17

Fixed in WordPress 4.2.27

4.2.16

Fixed in WordPress 4.2.27

4.2.15

Fixed in WordPress 4.2.27

4.2.14

Fixed in WordPress 4.2.27

4.2.13

Fixed in WordPress 4.2.27

4.2.12

Fixed in WordPress 4.2.27

4.2.11

Fixed in WordPress 4.2.27

4.2.10

Fixed in WordPress 4.2.27

4.2.1

Fixed in WordPress 4.2.27

4.2

Fixed in WordPress 4.2.27

4.1.9

Fixed in WordPress 4.1.30

4.1.8

Fixed in WordPress 4.1.30

4.1.7

Fixed in WordPress 4.1.30

4.1.6

Fixed in WordPress 4.1.30

4.1.5

Fixed in WordPress 4.1.30

4.1.4

Fixed in WordPress 4.1.30

4.1.3

Fixed in WordPress 4.1.30

4.1.29

Fixed in WordPress 4.1.30

4.1.28

Fixed in WordPress 4.1.30

4.1.27

Fixed in WordPress 4.1.30

4.1.26

Fixed in WordPress 4.1.30

4.1.25

Fixed in WordPress 4.1.30

4.1.24

Fixed in WordPress 4.1.30

4.1.23

Fixed in WordPress 4.1.30

4.1.22

Fixed in WordPress 4.1.30

4.1.21

Fixed in WordPress 4.1.30

4.1.20

Fixed in WordPress 4.1.30

4.1.2

Fixed in WordPress 4.1.30

4.1.19

Fixed in WordPress 4.1.30

4.1.18

Fixed in WordPress 4.1.30

4.1.17

Fixed in WordPress 4.1.30

4.1.16

Fixed in WordPress 4.1.30

4.1.15

Fixed in WordPress 4.1.30

4.1.14

Fixed in WordPress 4.1.30

4.1.13

Fixed in WordPress 4.1.30

4.1.12

Fixed in WordPress 4.1.30

4.1.11

Fixed in WordPress 4.1.30

4.1.10

Fixed in WordPress 4.1.30

4.1.1

Fixed in WordPress 4.1.30

4.1

Fixed in WordPress 4.1.30

4.0.9

Fixed in WordPress 4.0.30

4.0.8

Fixed in WordPress 4.0.30

4.0.7

Fixed in WordPress 4.0.30

4.0.6

Fixed in WordPress 4.0.30

4.0.5

Fixed in WordPress 4.0.30

4.0.4

Fixed in WordPress 4.0.30

4.0.3

Fixed in WordPress 4.0.30

4.0.29

Fixed in WordPress 4.0.30

4.0.28

Fixed in WordPress 4.0.30

4.0.27

Fixed in WordPress 4.0.30

4.0.26

Fixed in WordPress 4.0.30

4.0.25

Fixed in WordPress 4.0.30

4.0.24

Fixed in WordPress 4.0.30

4.0.23

Fixed in WordPress 4.0.30

4.0.22

Fixed in WordPress 4.0.30

4.0.21

Fixed in WordPress 4.0.30

4.0.20

Fixed in WordPress 4.0.30

4.0.2

Fixed in WordPress 4.0.30

4.0.19

Fixed in WordPress 4.0.30

4.0.18

Fixed in WordPress 4.0.30

4.0.17

Fixed in WordPress 4.0.30

4.0.16

Fixed in WordPress 4.0.30

4.0.15

Fixed in WordPress 4.0.30

4.0.14

Fixed in WordPress 4.0.30

4.0.13

Fixed in WordPress 4.0.30

4.0.12

Fixed in WordPress 4.0.30

4.0.11

Fixed in WordPress 4.0.30

4.0.10

Fixed in WordPress 4.0.30

4.0.1

Fixed in WordPress 4.0.30

4.0

Fixed in WordPress 4.0.30

3.9.9

Fixed in WordPress 3.9.31

3.9.8

Fixed in WordPress 3.9.31

3.9.7

Fixed in WordPress 3.9.31

3.9.6

Fixed in WordPress 3.9.31

3.9.5

Fixed in WordPress 3.9.31

3.9.4

Fixed in WordPress 3.9.31

3.9.30

Fixed in WordPress 3.9.31

3.9.3

Fixed in WordPress 3.9.31

3.9.29

Fixed in WordPress 3.9.31

3.9.28

Fixed in WordPress 3.9.31

3.9.27

Fixed in WordPress 3.9.31

3.9.26

Fixed in WordPress 3.9.31

3.9.25

Fixed in WordPress 3.9.31

3.9.24

Fixed in WordPress 3.9.31

3.9.23

Fixed in WordPress 3.9.31

3.9.22

Fixed in WordPress 3.9.31

3.9.21

Fixed in WordPress 3.9.31

3.9.20

Fixed in WordPress 3.9.31

3.9.2

Fixed in WordPress 3.9.31

3.9.19

Fixed in WordPress 3.9.31

3.9.18

Fixed in WordPress 3.9.31

3.9.17

Fixed in WordPress 3.9.31

3.9.16

Fixed in WordPress 3.9.31

3.9.15

Fixed in WordPress 3.9.31

3.9.14

Fixed in WordPress 3.9.31

3.9.13

Fixed in WordPress 3.9.31

3.9.12

Fixed in WordPress 3.9.31

3.9.11

Fixed in WordPress 3.9.31

3.9.10

Fixed in WordPress 3.9.31

3.9.1

Fixed in WordPress 3.9.31

3.9

Fixed in WordPress 3.9.31

3.8.9

Fixed in WordPress 3.8.33

3.8.8

Fixed in WordPress 3.8.33

3.8.7

Fixed in WordPress 3.8.33

3.8.6

Fixed in WordPress 3.8.33

3.8.5

Fixed in WordPress 3.8.33

3.8.4

Fixed in WordPress 3.8.33

3.8.32

Fixed in WordPress 3.8.33

3.8.31

Fixed in WordPress 3.8.33

3.8.30

Fixed in WordPress 3.8.33

3.8.3

Fixed in WordPress 3.8.33

3.8.29

Fixed in WordPress 3.8.33

3.8.28

Fixed in WordPress 3.8.33

3.8.27

Fixed in WordPress 3.8.33

3.8.26

Fixed in WordPress 3.8.33

3.8.25

Fixed in WordPress 3.8.33

3.8.24

Fixed in WordPress 3.8.33

3.8.23

Fixed in WordPress 3.8.33

3.8.22

Fixed in WordPress 3.8.33

3.8.21

Fixed in WordPress 3.8.33

3.8.20

Fixed in WordPress 3.8.33

3.8.2

Fixed in WordPress 3.8.33

3.8.19

Fixed in WordPress 3.8.33

3.8.18

Fixed in WordPress 3.8.33

3.8.17

Fixed in WordPress 3.8.33

3.8.16

Fixed in WordPress 3.8.33

3.8.15

Fixed in WordPress 3.8.33

3.8.14

Fixed in WordPress 3.8.33

3.8.13

Fixed in WordPress 3.8.33

3.8.12

Fixed in WordPress 3.8.33

3.8.11

Fixed in WordPress 3.8.33

3.8.10

Fixed in WordPress 3.8.33

3.8.1

Fixed in WordPress 3.8.33

3.8

Fixed in WordPress 3.8.33

3.7.9

Fixed in WordPress 3.7.33

3.7.8

Fixed in WordPress 3.7.33

3.7.7

Fixed in WordPress 3.7.33

3.7.6

Fixed in WordPress 3.7.33

3.7.5

Fixed in WordPress 3.7.33

3.7.4

Fixed in WordPress 3.7.33

3.7.32

Fixed in WordPress 3.7.33

3.7.31

Fixed in WordPress 3.7.33

3.7.30

Fixed in WordPress 3.7.33

3.7.3

Fixed in WordPress 3.7.33

3.7.29

Fixed in WordPress 3.7.33

3.7.28

Fixed in WordPress 3.7.33

3.7.27

Fixed in WordPress 3.7.33

3.7.26

Fixed in WordPress 3.7.33

3.7.25

Fixed in WordPress 3.7.33

3.7.24

Fixed in WordPress 3.7.33

3.7.23

Fixed in WordPress 3.7.33

3.7.22

Fixed in WordPress 3.7.33

3.7.21

Fixed in WordPress 3.7.33

3.7.20

Fixed in WordPress 3.7.33

3.7.2

Fixed in WordPress 3.7.33

3.7.19

Fixed in WordPress 3.7.33

3.7.18

Fixed in WordPress 3.7.33

3.7.17

Fixed in WordPress 3.7.33

3.7.16

Fixed in WordPress 3.7.33

3.7.15

Fixed in WordPress 3.7.33

3.7.14

Fixed in WordPress 3.7.33

3.7.13

Fixed in WordPress 3.7.33

3.7.12

Fixed in WordPress 3.7.33

3.7.11

Fixed in WordPress 3.7.33

3.7.10

Fixed in WordPress 3.7.33

3.7.1

Fixed in WordPress 3.7.33

3.7

Fixed in WordPress 3.7.33

References

CVE

CVE-2020-11027

URL

https://wordpress.org/news/2020/04/wordpress-5-4-1/

URL

https://core.trac.wordpress.org/changeset/47634/

URL

https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/

URL

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw

Miscellaneous

Original Researcher

Muaz Bin Abdus Sattar & Jannes

Submitter

Ryan

Verified

WPVDB ID

7db191c0-d112-4f08-a419-a1cd81928c4e

Timeline

Publicly Published

2020-04-29 (about 5 years ago)

Added

2020-04-30 (about 5 years ago)

Last Updated

2020-05-02 (about 5 years ago)

Other

Published

Title

Published

2020-03-18

Title

Gutenberg & Elementor Templates Importer For Responsive < 2.2.6 - Unprotected AJAX Endpoints

Published

2021-01-20

Title

123ContactForm for WordPress <= 1.5.6 - Unauthenticated Arbitrary Post Creation

Published

2015-02-03

Title

UpdraftPlus <= 1.9.50 - Privilege Escalation via Nonce Leakage

Published

2023-10-24

Title

YOP Poll < 6.5.29 - Reusable Captcha via validateImage

Published

2015-06-10

Title

Paypal Currencucy Converter Basic For Woocommerce <= 1.3 - File Read