ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 1.5.1.2 - Multiple Vulnerabilities #1

Product
WordPress
Description
Because of these vulnerabilities in wp-login.php, the attackers can change the content of the forgotten password e-mail message via the message variable, that is not initialized before use.
Solution
Update the WordPress to the latest available version (at least 1.5.1.3).
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2005-2109
Versions
Affected In <= 1.5.1.2
Fixed In 1.5.1.3
Disclosure date
2005-07-01
Submitter
ThreatPress