Описание
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01077
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
ubuntu
почти 20 лет назад
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
debian
почти 20 лет назад
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...
github
около 3 лет назад
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
EPSS
Процентиль: 77%
0.01077
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other