← back
CVE-2020-11027

Password reset links invalidation issue in WordPress

CVSS 6.1 MEDIUMEPSS 13.6%CWE-672
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Affected products
WordPress · WordPress
public PoCs found2
cve_referencepacketstormsecurity.com/files/173034/WordPress-Theme-Medic-1.0.0-Weak-Password-Recovery-Mechanism.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51531unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/173034/WordPress-Theme-Medic-1.0.0-Weak-Password-Recovery-Mechanism.htmlhttps://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jwhttps://lists.debian.org/debian-lts-announce/2020/05/msg00011.htmlhttps://wordpress.org/support/wordpress-version/version-5-4-1/#security-updateshttps://www.debian.org/security/2020/dsa-4677