What is CVE-2009-2762?

CVE-2009-2762 is a vulnerability in N/a. Published 2009-08-13.

Is CVE-2009-2762 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-2762

wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check…

EPSS: 0.741 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

wordpress.org/development/2009/08/2-8-4-security-release/ (x_refsource_CONFIRM)
core.trac.wordpress.org/changeset/11798 (x_refsource_MISC)
9410 (exploit, x_refsource_EXPLOIT-DB)
wordpress-wplogin-security-bypass(52382) (vdb-entry, x_refsource_XF)
20090810 WordPress <= 2.8.3 Remote admin reset password (mailing-list, x_refsource_FULLDISC)
36014 (vdb-entry, x_refsource_BID)
1022707 (vdb-entry, x_refsource_SECTRACK)
36237 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2009-2762?: CVE-2009-2762 is a vulnerability in N/a. Published 2009-08-13.
Is CVE-2009-2762 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.