Intrusion Prevention

WordPress.Unauthenticated.Administrator.Password.Reset

Description

This indicates an attack attempt against a security-bypass vulnerability in WordPress.
The vulnerability is due to the software's inability to properly restrict access to its password-resetting features. A remote attacker may exploit this to reset the password of the adminstrator account in WordPress.

Affected Products

WordPress version 2.8.3; prior versions may also be affected.

Impact

Security Bypass: Remote attackers can bypass security checking of vulnerable systems.

Recommended Actions

Upgrade to version 2.8.4.

CVE References

CVE-2009-2762