ThreatPress

WordPress Vulnerabilities Database


WordPress <=4.7.4 - Host Header Injection in Password Reset

Product
WordPress
Description
WordPress derives the sender address of the password reset e-mail from SERVER_NAME and hands it to the PHP mail function; together these allow an attacker to trick WordPress into sending the password reset mail (triggered by a crafted wp-login.php?action=lostpassword request) to the attacker's SMTP server.
Solution
Update WordPress to the latest available version (at least 4.7.5).
Classification
Type Unknown
References
CVE
Name CVE-2017-8295
Versions
Affected In <=4.7.4
Fixed In 4.7.5
Disclosure date
2017-05-03
Credits
Dawid Golunski
Submitter
ThreatPress