Pauldow
08-11-2009, 01:22 PM
It looks like there's a serious administrator password-reset vulnerability affecting the latest version of WordPress.
The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress or WordPress MU (multiple user) installation.
ZDNET link (http://blogs.zdnet.com/security/?p=4002)
Explanation of issue (http://isc.sans.org/diary.html?storyid=6934&rss)