Description

wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.

Remediation

References

CVE-2005-2109

Related Vulnerabilities

Dolibarr Incorrect Authorization Vulnerability (CVE-2020-12669)

Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)

WebLogic CVE-2023-21931 Vulnerability (CVE-2023-21931)

WordPress Plugin WP Statistics Cross-Site Scripting (12.0.8.1)

WordPress Plugin Print, PDF, Email by PrintFriendly Multiple Unspecified Vulnerabilities (3.5.2)

Severity

Medium

Classification

CVE-2005-2109

Tags

Missing Update Known Vulnerabilities