Published: 04/05/2017 Updated: 04/11/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 437

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

WordPress up to and including 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote malicious users to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress

Debian Bug report logs - #862816 wordpress: Six security bugs in wordpress 474 and earlier Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Wed, 17 May 2017 11:57:06 UTC Severity: grave Tags: security, upstream Found in vers ...

Debian Bug report logs - #862053 wordpress: CVE-2017-8295 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sun, 7 May 2017 19:57:02 UTC Severity: serious Tags: security, up ...

Several vulnerabilities were discovered in wordpress, a web blogging tool They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks For the stable distribution (jessie), these problems have been fixed in version 41+dfsg-1+deb8u14 For the upcoming stable (stretch) ...

============================================= - Discovered by: Dawid Golunski - dawid[at]legalhackerscom - legalhackerscom - CVE-2017-8295 - Release date: 03052017 - Revision 10 - Severity: Medium/High ============================================= Source: exploitboxio/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE ...

CVE-2017-8295-WordPress-474---Unauthorized-Password-Reset Information on the vulnerability Wordpress has a password reset feature that contains a vulnerability which might in some cases allow attackers to get hold of the password reset link without previous authentication Such attack could lead to an attacker gaining unauthorised access to a victim's WordPress account

a plugin that protects your wp site from the CVE-2017-8295 vulnerability

WP Allowed Hosts This plugin has been created after the vulnerability known as CVE-2017-8295 has been disclosed, this plugin will protect you from that attack with no hassle, just add simple line to your wp-configphp Installation Just download the plugin from here and upload it to your site Usage Just add the following line to your wp-configphp // WP Allowed Hosts Plugin

Project Description Collection of quality safety articles collection-document awesome Table of Contents Github-list 预警&研究 ImageMagick WordPress 杂安全部建设加固响应溯源威胁情报综合 SRC 总结国外SRC文章信息收集渗透靶场技巧内网 hash 票据代理转发内网平台内网收集内网技巧 �

criando um ambiente WordPress

Passo-a-passo-Wordpress criando um ambiente WordPress web Apps necessarios Filezilla Putty algum navegador Antes de tudo é importante lembrar que temos que fazer um backup do servidor na digitalocean para se caso houver algum problema ter mais facilidade para resolver E para isso criaremos um snapshot do servidor que queremos Passo 1 Criar um banco de dados

CVE-2017-8295 Wordpress has a password reset feature that contains a vulnerability which might in some cases allow attackers to get hold of the password reset link without previous authentication Such attack could lead to an attacker gaining unauthorised access to a victim's WordPress account vulnerable Code ------[ wp-includes/pluggablephp ]------ if ( !isset( $fro

My WPS scan Results

Project 7 - WordPress Pentesting Pentesting Report Time spent: 9 hours spent in total because I couldn't get it up and running in Vbox Objective: Find, analyze, recreate, and document six vulnerabilities affecting an old version of WordPress Table of Contents List of Vulnerabilities found -[!] Title: WordPress 42-472 - Press This CSRF DoS -[!] Title: WordPress 23-4

Project Description Collection of quality safety articles collection-document awesome Table of Contents Github-list 预警&研究 ImageMagick WordPress 杂安全部建设加固响应溯源威胁情报综合 Bug_Bounty 总结国外Bug_Bounty文章信息收集渗透靶场技巧内网 hash 票据代理转发内网平台内网收集

My WPS scan Results

Project 7 - WordPress Pentesting Pentesting Report Time spent: 9 hours spent in total because I couldn't get it up and running in Vbox Objective: Find, analyze, recreate, and document six vulnerabilities affecting an old version of WordPress Table of Contents List of Vulnerabilities found -[!] Title: WordPress 42-472 - Press This CSRF DoS -[!] Title: WordPress 23-4

CWE-640 https://www.exploit-db.com/exploits/41963/https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html http://www.securityfocus.com/bid/98295 http://www.securitytracker.com/id/1038403 https://wpvulndb.com/vulnerabilities/8807 http://www.debian.org/security/2017/dsa-3870 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816 https://www.exploit-db.com/exploits/41963/https://github.com/alash3al/wp-allowed-hosts https://www.debian.org/security/./dsa-3870

CVE-2017-8295

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect