WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability

WordPress is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.

WordPress 4.7.4 and prior are vulnerable.

Information

Bugtraq ID: 98295
Class: Access Validation Error
CVE: CVE-2017-8295

Remote: Yes
Local: No
Published: May 03 2017 12:00AM
Updated: May 03 2017 12:00AM
Credit: Dawid Golunski
Vulnerable: WordPress WordPress 4.7.4
WordPress WordPress 4.7.2
WordPress WordPress 4.7.1
WordPress WordPress 4.6.1
WordPress WordPress 4.5.2
WordPress WordPress 4.5.1
WordPress WordPress 4.5
WordPress WordPress 4.4.1
WordPress WordPress 4.4
WordPress WordPress 4.2.4
WordPress WordPress 4.2.3
WordPress WordPress 4.2.2
WordPress WordPress 4.2.1
WordPress WordPress 4.1.2
WordPress WordPress 4.1.1
WordPress WordPress 4.1
WordPress WordPress 3.9.2
WordPress WordPress 3.9.1
WordPress WordPress 3.9
WordPress WordPress 3.8.2
WordPress WordPress 3.8.1
WordPress WordPress 3.7.4
WordPress WordPress 3.7.1
WordPress WordPress 3.6.1
WordPress WordPress 3.6
WordPress WordPress 3.5.2
WordPress WordPress 3.5.1
WordPress WordPress 3.3.2
WordPress WordPress 3.2.2
WordPress WordPress 3.1.4
WordPress WordPress 3.1.3
WordPress WordPress 3.1.2
WordPress WordPress 3.1.1
WordPress WordPress 3.0.5
WordPress WordPress 3.0.4
WordPress WordPress 3.0.3
WordPress WordPress 3.0.2
WordPress WordPress 2.9.2
WordPress WordPress 2.9.1
WordPress WordPress 2.8.6
WordPress WordPress 2.8.5
WordPress WordPress 2.8.4
WordPress WordPress 2.8.3
WordPress WordPress 2.8.2
WordPress WordPress 2.8.1
WordPress WordPress 2.6.5
WordPress WordPress 2.6.2
WordPress WordPress 2.6.1
WordPress WordPress 2.5.1
WordPress WordPress 2.3.3
WordPress WordPress 2.3.2
WordPress WordPress 2.3.1
WordPress WordPress 2.2.3
WordPress WordPress 2.2.2
WordPress WordPress 2.2.1
WordPress WordPress 2.1.3
WordPress WordPress 2.1.2
WordPress WordPress 2.1.1
WordPress WordPress 2.0.11
WordPress WordPress 2.0.10
WordPress WordPress 2.0.7
WordPress WordPress 2.0.6
WordPress WordPress 2.0.5
WordPress WordPress 2.0.4
WordPress WordPress 2.0.3
WordPress WordPress 2.0.2
WordPress WordPress 2.0.1
WordPress WordPress 2.0
WordPress WordPress 1.5.2
WordPress WordPress 1.5.1 .3
WordPress WordPress 1.5.1 .2
WordPress WordPress 1.5.1
WordPress WordPress 1.5
WordPress WordPress 1.3.1
WordPress WordPress 1.2.2
WordPress WordPress 1.2.1
WordPress WordPress 1.2
+ Gentoo Linux 1.4
+ Gentoo Linux
WordPress WordPress 0.71
WordPress WordPress 0.6.2
WordPress WordPress 4.7.3
WordPress WordPress 4.7
WordPress WordPress 4.6
WordPress WordPress 4.5.3
WordPress WordPress 4.4.2
WordPress WordPress 4.3.1
WordPress WordPress 4.3
WordPress WordPress 4.2
WordPress WordPress 4.0.1
WordPress WordPress 4.0
WordPress WordPress 3.9.3
WordPress WordPress 3.9
WordPress WordPress 3.8.5
WordPress WordPress 3.8.4
WordPress WordPress 3.8.3
WordPress WordPress 3.8
WordPress WordPress 3.7.5
WordPress WordPress 3.7
WordPress WordPress 3.6
WordPress WordPress 3.5.0
WordPress WordPress 3.5
WordPress WordPress 3.4.2
WordPress WordPress 3.4.1
WordPress WordPress 3.4.0
WordPress WordPress 3.4
WordPress WordPress 3.3.3
WordPress WordPress 3.3.1
WordPress WordPress 3.3
WordPress WordPress 3.2.1
WordPress WordPress 3.2
WordPress WordPress 3.1
WordPress WordPress 3.0.6
WordPress WordPress 3.0.1
WordPress WordPress 2.9.1.1
WordPress WordPress 2.9
WordPress WordPress 2.8.5.2
WordPress WordPress 2.8.5.1
WordPress WordPress 2.8
WordPress WordPress 2.7.1
WordPress WordPress 2.7
WordPress WordPress 2.6.3
WordPress WordPress 2.6
WordPress WordPress 2.5
WordPress WordPress 2.3
WordPress WordPress 2.2.0
WordPress WordPress 2.2
WordPress WordPress 2.1
WordPress WordPress 2.0.9
WordPress WordPress 2.0.8
WordPress WordPress 1.6.2
WordPress WordPress 1.6
WordPress WordPress 1.5.1.1
WordPress WordPress 1.5
WordPress WordPress 1.4
WordPress WordPress 1.3.3
WordPress WordPress 1.3.2
WordPress WordPress 1.3
WordPress WordPress 1.2.5
WordPress WordPress 1.2.4
WordPress WordPress 1.2.3
WordPress WordPress 1.1.1
WordPress WordPress 1.0.2
WordPress WordPress 1.0.1
WordPress WordPress 0.72
WordPress WordPress 0.711
WordPress WordPress 0.71
WordPress WordPress 0.7
WordPress WordPress 0.6.2.1

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

• WordPress Core (ExploitBox)
  
• WordPress HomePage (WordPress)
  

Source: www.securityfocus.com