CVE-2017-8295

Published: 04/05/2017 Updated: 04/11/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 438
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

WordPress up to and including 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote malicious users to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.
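One way to remove the Host/SERVER_NAME dependency described above, as an added example (not WordPress or plugin code): a must-use plugin that rejects requests for hostnames outside an allowlist and pins the reset mail's From header and envelope sender. The file location, the `prh_` names and the example.com values are assumptions; `wp_mail_from` and `phpmailer_init` are existing WordPress hooks.

```php
<?php
// Added example, not WordPress core or plugin code. PHP 7+.
// Assumed location: wp-content/mu-plugins/pin-reset-mail-host.php
// Assumed values: replace with the site's real hostnames and sender address.
const PRH_ALLOWED_HOSTS = ['example.com', 'www.example.com'];
const PRH_MAIL_FROM     = 'wordpress@example.com';

// Lowercase the value, drop an optional :port and a trailing dot.
function prh_normalise_host(string $raw): string
{
    $host = preg_replace('/:\d+$/', '', strtolower(trim($raw)));
    return rtrim($host, '.');
}

// Strict comparison against the allowlist; no suffix or wildcard matching.
function prh_host_allowed(string $raw, array $allowed = PRH_ALLOWED_HOSTS): bool
{
    return in_array(prh_normalise_host($raw), $allowed, true);
}

if (function_exists('add_filter')) {
    // Inside WordPress (web requests only): refuse requests whose Host or
    // SERVER_NAME is not ours, so a client-supplied name never reaches the mail code.
    if (PHP_SAPI !== 'cli') {
        foreach (['HTTP_HOST', 'SERVER_NAME'] as $key) {
            if (isset($_SERVER[$key]) && !prh_host_allowed((string) $_SERVER[$key])) {
                http_response_code(400);
                exit('Bad Request');
            }
        }
    }
    // Pin the From header instead of letting it default to wordpress@<SERVER_NAME>.
    add_filter('wp_mail_from', function ($from) {
        return PRH_MAIL_FROM;
    });
    // Pin the envelope sender, which is where bounces are delivered.
    add_action('phpmailer_init', function ($phpmailer) {
        $phpmailer->Sender = PRH_MAIL_FROM;
    });
} elseif (PHP_SAPI === 'cli') {
    // Stand-alone check with constructed header values.
    foreach (['Example.com:443', 'www.example.com.', 'mail.attacker.example'] as $h) {
        printf("%-24s %s\n", $h, prh_host_allowed($h) ? 'allowed' : 'rejected');
    }
}
```

The same allowlist belongs in the web server as well, for example by serving the site only from a virtual host that names it explicitly rather than from the default host.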

Vendor Advisories

Debian Bug report logs - #862053 wordpress: CVE-2017-8295. Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon). Reported by: Markus Koschany <apo@debian.org>. Date: Sun, 7 May 2017 19:57:02 UTC. Severity: serious. Tags: security, up ...
Debian Bug report logs - #862816 wordpress: Six security bugs in wordpress 4.7.4 and earlier. Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>. Reported by: Craig Small <csmall@debian.org>. Date: Wed, 17 May 2017 11:57:06 UTC. Severity: grave. Tags: security, upstream. Found in vers ...
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u14. For the upcoming stable (stretch) ...

Exploits

Discovered by: Dawid Golunski - dawid[at]legalhackers.com - legalhackers.com. CVE-2017-8295. Release date: 03.05.2017. Revision 1.0. Severity: Medium/High. Source: exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE ...

Github Repositories

CVE-2017-8295. Wordpress has a password reset feature that contains a vulnerability which might in some cases allow attackers to get hold of the password reset link without previous authentication. Such attack could lead to an attacker gaining unauthorised access to a victim's WordPress account. Vulnerable code: ------[ wp-includes/pluggable.php ]------ if ( !isset( $fro

CVE-2017-8295-WordPress-474---Unauthorized-Password-Reset. Information on the vulnerability: Wordpress has a password reset feature that contains a vulnerability which might in some cases allow attackers to get hold of the password reset link without previous authentication. Such attack could lead to an attacker gaining unauthorised access to a victim's WordPress account

A plugin that protects your WP site from the CVE-2017-8295 vulnerability

WP Allowed Hosts. This plugin has been created after the vulnerability known as CVE-2017-8295 has been disclosed. This plugin will protect you from that attack with no hassle; just add a simple line to your wp-config.php. Installation: Just download the plugin from here and upload it to your site. Usage: Just add the following line to your wp-config.php: // WP Allowed Hosts Plugin

My WPS scan Results

Project 7 - WordPress Pentesting. Pentesting Report. Time spent: 9 hours spent in total because I couldn't get it up and running in Vbox. Objective: Find, analyze, recreate, and document six vulnerabilities affecting an old version of WordPress. Table of Contents. List of Vulnerabilities found: -[!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS -[!] Title: WordPress 23-4

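Project Description: Collection of quality safety articles. collection-document awesome. Table of Contents: Github-list; Alerts & Research; ImageMagick; WordPress; Miscellaneous; Security Department; Building; Hardening; Response; Tracing; Threat Intelligence; General; SRC; Summaries; Foreign SRC Articles; Information Gathering; Penetration; Practice Ranges; Techniques; Intranet; hash; Tickets; Proxy Forwarding; Intranet Platforms; Intranet Collection; Intranet Techniques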

CSCI4349 Week 9: Honeypot. MANUAL HONEYPOT SETUP: git clone this repo: git clone github.com/harrystaley/CSCI4349_Week9_Honeypot. Open your terminal application and execute the following command: vagrant up, vagrant ssh, which should bring you to a new terminal prompt on your newly created linux box. cd /vagrant. Initialize google cloud: gcloud init. Login and insert the name o

Project 7 - WordPress Pentesting. Time spent: 12 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report: WordPress <= 4.2 - Unauthenticated Stored Cross-Site Scripting (XSS). Summary: Vulnerability types: XSS. Tested in version: 4.2. Fixed in version: 4.2.1. Exploit Database 3684

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Unpatched WordPress Password Reset Vulnerability Lingers
Threatpost • Chris Brook • 04 May 2017

A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user’s password and gain access to their account.
Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of WordPress, including the latest, 4.7.4, are vulnerable, the researcher said.
The vulnerability (CVE-2017-8295) happens because WordPress uses what Golunski calls untrusted data by default when i...

WordPress Zero-Day Could Expose Password Reset Emails
BleepingComputer • Catalin Cimpanu • 04 May 2017

Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances.
The researcher published his findings yesterday, after reporting the flaw to the WordPress security team last July.
After more than ten months and no progress, Golunski decided to go public and inform WordPress site owners of this issue so they could protect their sites by other means.