Exploitbox: WordPress Unauthorized Password Reset Vulnerability

On the Exploitbox site Dawid Golunski shares a 0 day vulnerability in the WordPress core affecting all versions: The vulnerability stems from WordPress using untrusted data by default when creating a password reset e-mail that is supposed to be delivered only to the e-mail associated with the owner’s account. They include the following code sample … Continue reading Exploitbox: WordPress Unauthorized Password Reset Vulnerability