WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability



WordPress is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.

WordPress 4.7.4 and prior are vulnerable.

Information

Bugtraq ID: 98295
Class: Access Validation Error
CVE: CVE-2017-8295

Remote: Yes
Local: No
Published: May 03 2017 12:00AM
Updated: May 03 2017 12:00AM
Credit: Dawid Golunski
Vulnerable: WordPress WordPress 4.7.4
WordPress WordPress 4.7.2
WordPress WordPress 4.7.1
WordPress WordPress 4.6.1
WordPress WordPress 4.5.2
WordPress WordPress 4.5.1
WordPress WordPress 4.5
WordPress WordPress 4.4.1
WordPress WordPress 4.4
WordPress WordPress 4.2.4
WordPress WordPress 4.2.3
WordPress WordPress 4.2.2
WordPress WordPress 4.2.1
WordPress WordPress 4.1.2
WordPress WordPress 4.1.1
WordPress WordPress 4.1
WordPress WordPress 3.9.2
WordPress WordPress 3.9.1
WordPress WordPress 3.9
WordPress WordPress 3.8.2
WordPress WordPress 3.8.1
WordPress WordPress 3.7.4
WordPress WordPress 3.7.1
WordPress WordPress 3.6.1
WordPress WordPress 3.6
WordPress WordPress 3.5.2
WordPress WordPress 3.5.1
WordPress WordPress 3.3.2
WordPress WordPress 3.2.2
WordPress WordPress 3.1.4
WordPress WordPress 3.1.3
WordPress WordPress 3.1.2
WordPress WordPress 3.1.1
WordPress WordPress 3.0.5
WordPress WordPress 3.0.4
WordPress WordPress 3.0.3
WordPress WordPress 3.0.2
WordPress WordPress 2.9.2
WordPress WordPress 2.9.1
WordPress WordPress 2.8.6
WordPress WordPress 2.8.5
WordPress WordPress 2.8.4
WordPress WordPress 2.8.3
WordPress WordPress 2.8.2
WordPress WordPress 2.8.1
WordPress WordPress 2.6.5
WordPress WordPress 2.6.2
WordPress WordPress 2.6.1
WordPress WordPress 2.5.1
WordPress WordPress 2.3.3
WordPress WordPress 2.3.2
WordPress WordPress 2.3.1
WordPress WordPress 2.2.3
WordPress WordPress 2.2.2
WordPress WordPress 2.2.1
WordPress WordPress 2.1.3
WordPress WordPress 2.1.2
WordPress WordPress 2.1.1
WordPress WordPress 2.0.11
WordPress WordPress 2.0.10
WordPress WordPress 2.0.7
WordPress WordPress 2.0.6
WordPress WordPress 2.0.5
WordPress WordPress 2.0.4
WordPress WordPress 2.0.3
WordPress WordPress 2.0.2
WordPress WordPress 2.0.1
WordPress WordPress 2.0
WordPress WordPress 1.5.2
WordPress WordPress 1.5.1 .3
WordPress WordPress 1.5.1 .2
WordPress WordPress 1.5.1
WordPress WordPress 1.5
WordPress WordPress 1.3.1
WordPress WordPress 1.2.2
WordPress WordPress 1.2.1
WordPress WordPress 1.2
+ Gentoo Linux 1.4
+ Gentoo Linux
WordPress WordPress 0.71
WordPress WordPress 0.6.2
WordPress WordPress 4.7.3
WordPress WordPress 4.7
WordPress WordPress 4.6
WordPress WordPress 4.5.3
WordPress WordPress 4.4.2
WordPress WordPress 4.3.1
WordPress WordPress 4.3
WordPress WordPress 4.2
WordPress WordPress 4.0.1
WordPress WordPress 4.0
WordPress WordPress 3.9.3
WordPress WordPress 3.9
WordPress WordPress 3.8.5
WordPress WordPress 3.8.4
WordPress WordPress 3.8.3
WordPress WordPress 3.8
WordPress WordPress 3.7.5
WordPress WordPress 3.7
WordPress WordPress 3.6
WordPress WordPress 3.5.0
WordPress WordPress 3.5
WordPress WordPress 3.4.2
WordPress WordPress 3.4.1
WordPress WordPress 3.4.0
WordPress WordPress 3.4
WordPress WordPress 3.3.3
WordPress WordPress 3.3.1
WordPress WordPress 3.3
WordPress WordPress 3.2.1
WordPress WordPress 3.2
WordPress WordPress 3.1
WordPress WordPress 3.0.6
WordPress WordPress 3.0.1
WordPress WordPress 2.9.1.1
WordPress WordPress 2.9
WordPress WordPress 2.8.5.2
WordPress WordPress 2.8.5.1
WordPress WordPress 2.8
WordPress WordPress 2.7.1
WordPress WordPress 2.7
WordPress WordPress 2.6.3
WordPress WordPress 2.6
WordPress WordPress 2.5
WordPress WordPress 2.3
WordPress WordPress 2.2.0
WordPress WordPress 2.2
WordPress WordPress 2.1
WordPress WordPress 2.0.9
WordPress WordPress 2.0.8
WordPress WordPress 1.6.2
WordPress WordPress 1.6
WordPress WordPress 1.5.1.1
WordPress WordPress 1.5
WordPress WordPress 1.4
WordPress WordPress 1.3.3
WordPress WordPress 1.3.2
WordPress WordPress 1.3
WordPress WordPress 1.2.5
WordPress WordPress 1.2.4
WordPress WordPress 1.2.3
WordPress WordPress 1.1.1
WordPress WordPress 1.0.2
WordPress WordPress 1.0.1
WordPress WordPress 0.72
WordPress WordPress 0.711
WordPress WordPress 0.71
WordPress WordPress 0.7
WordPress WordPress 0.6.2.1


Not Vulnerable:

Exploit


The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.


Related Posts

Comments