FreshPorts - VuXML

The Wordpress development team reports:

With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another users password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

< 2.6.2

gt 0

Secunia reports:

Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed.

< 2.6.5

gt 0

A Secunia Advisory report:

Input passed to the "posts_columns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

< 2.3.1

gt 0

MITRE reports:

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.

Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.

< 3.7.5,1

ge 3.8,1 lt 3.8.5,1

ge 3.9,1 lt 3.9.3,1

ge 4.0,1 lt 4.0.1,1

< 3.7.5

ge 3.8 lt 3.8.5

ge 3.9 lt 3.9.3

ge 4.0 lt 4.0.1

< 3.7.5

ge 3.8 lt 3.8.5

ge 3.9 lt 3.9.3

ge 4.0 lt 4.0.1

< 3.7.5

ge 3.8 lt 3.8.5

ge 3.9 lt 3.9.3

ge 4.0 lt 4.0.1

< 3.7.5

ge 3.8 lt 3.8.5

ge 3.9 lt 3.9.3

ge 4.0 lt 4.0.1