ID:10673 - Exploit for Weak Password Recovery Mechanism for Forgotten Password in WordPress - CVE-2020-11027

 

Published: October 25, 2024


Vulnerability identifier: #VU27438
Vulnerability risk: High
CVE-ID: CVE-2020-11027
CWE-ID: CWE-640
Exploitation vector: Remote access
Vulnerable software:
WordPress

Vulnerability description

The vulnerability allows a remote attacker to compromise user accounts.

The vulnerability exists because the password reset token is not correctly invalidated. A remote attacker can abuse this behavior to take over another user's account.

Successful exploitation of the vulnerability may allow an attacker to gain full access to the affected website.


Remediation

Install updates from the vendor's website.