Description
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Related Vulnerabilities
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9127)
datatables Cross-site Scripting (XSS) Vulnerability (CVE-2015-6584)
Oracle Database Server Create Session privilege issue (CVE-2021-1993)
WordPress Plugin Product Reviews Import Export for WooCommerce Cross-Site Request Forgery (1.3.2)
WordPress Plugin PickPlugins Product Slider for WooCommerce Unspecified Vulnerability (1.13.23)