For a long time, WordPress has had a password reset feature that lets any user request a new password. This feature contains a vulnerability that might allow an attacker to obtain the password reset link without being authenticated.

This kind of attack could lead to unauthorized access to the victim’s WordPress account.

The Vulnerability

By default, WordPress uses untrusted data to create a
