Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-8295 — Weak Password Recovery Mechanism for Forgotten Password in Wordpress
Severity
5.9MEDIUMNVD
EPSS
77.1%
top 1.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMay 4
Latest updateMay 17
Description
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP ma…
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages3 packages
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
1Debian▶
CVE-2017-8295: wordpress - WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-ma...↗2017