Weak Password Recovery Mechanism for Forgotten Password in WordPress - CVE-2020-11027


Published: April 29, 2020 / Updated: October 25, 2024


Vulnerability identifier: #VU27438
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2020-11027
CWE-ID: CWE-640
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: WordPress.ORG
Affected software:
WordPress

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise user accounts.

The vulnerability exists because the password reset token is not correctly invalidated. A remote attacker can abuse this behavior to take over another user's account.

Successful exploitation of the vulnerability may allow an attacker to gain full access to the affected website.
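CWE-640 is about reset tokens that stay usable longer than they should. To make "correctly invalidated" concrete, the following added example (not WordPress code, and not a description of the specific flaw fixed for this CVE) models the lifecycle a reset key should have: stored only as a hash, bound to an expiry, single-use, superseded by any newer request, and discarded whenever the password changes by another route. The in-memory `PasswordResetService`, the one-hour `TOKEN_TTL_SECONDS` and the SHA-256 stand-in for a real password hash are all assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Assumed lifetime of a reset key (constructed value for this example).
TOKEN_TTL_SECONDS = 3600


@dataclass
class User:
    name: str
    password_hash: str
    # Only a hash of the reset key is stored, together with its issue time,
    # so a leaked database copy does not yield usable keys.
    reset_key_hash: Optional[str] = None
    reset_key_issued: float = 0.0


class PasswordResetService:
    """Illustrative in-memory user store with a reset-key lifecycle (assumed design)."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self.users: Dict[str, User] = {}
        self.clock = clock  # injectable so expiry can be exercised deterministically

    @staticmethod
    def _hash(value: str) -> str:
        # SHA-256 keeps the example dependency-free; real password storage
        # should use a slow, salted password hash such as bcrypt or Argon2.
        return hashlib.sha256(value.encode()).hexdigest()

    def add_user(self, name: str, password: str) -> None:
        self.users[name] = User(name, self._hash(password))

    def request_reset(self, name: str) -> str:
        """Issue a fresh key; any earlier outstanding key for this user is superseded."""
        user = self.users[name]
        key = secrets.token_urlsafe(32)
        user.reset_key_hash = self._hash(key)
        user.reset_key_issued = self.clock()
        return key  # delivered out of band (e.g. by e-mail), never stored in clear

    def _key_is_valid(self, user: User, key: str) -> bool:
        if user.reset_key_hash is None:
            return False  # no outstanding key, or it was already consumed
        if self.clock() - user.reset_key_issued > TOKEN_TTL_SECONDS:
            return False  # expired
        return hmac.compare_digest(user.reset_key_hash, self._hash(key))

    @staticmethod
    def _invalidate(user: User) -> None:
        user.reset_key_hash = None
        user.reset_key_issued = 0.0

    def reset_password(self, name: str, key: str, new_password: str) -> bool:
        """Consume the key: a successful reset must leave it unusable."""
        user = self.users.get(name)
        if user is None or not self._key_is_valid(user, key):
            return False
        user.password_hash = self._hash(new_password)
        self._invalidate(user)
        return True

    def change_password(self, name: str, new_password: str) -> None:
        """A normal password change also discards any outstanding reset key."""
        user = self.users[name]
        user.password_hash = self._hash(new_password)
        self._invalidate(user)

    def check_password(self, name: str, password: str) -> bool:
        user = self.users[name]
        return hmac.compare_digest(user.password_hash, self._hash(password))


if __name__ == "__main__":
    svc = PasswordResetService()
    svc.add_user("alice", "old-password")
    key = svc.request_reset("alice")
    print("first use accepted:", svc.reset_password("alice", key, "new-password"))
    print("replay rejected:", not svc.reset_password("alice", key, "other-password"))
```

The four invalidation paths (consumed on use, superseded by a newer request, expired, cleared by an ordinary password change) are the checks a reviewer would look for in any reset flow; a token that survives any one of them is exactly the condition CWE-640 describes.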


How to mitigate CVE-2020-11027

Install updates from the vendor's website.
