Recently a vulnerability affecting WordPress core and the password reset functionality came to light. Robert Rowley over at Pagely explains:
Under three specific conditions the “forgot password?” functionality can be manipulated into sending the URL to reset a WordPress user’s password to an email address controlled by a malicious party.
Robert outlines what conditions need to exist to make this happen, and he emphasizes that “it is unlikely and uncommon for them all to be met.” But it’s not impossible.
A patch is in the works, but in the meantime Robert provides a straightforward way to determine if you are affected, along with a few possible workarounds.
Triggering password reset emails is easy even without this attack vector, but automating it could be quite an annoyance for site owners. It's good that few servers are configured in a way that meets the conditions for this vulnerability, but if there are enough to make scripting and automating it worthwhile, it could still be a pain, even for site owners who are not vulnerable.