Description
WordPress is prone to a security bypass vulnerability because it fails to adequately restrict access to the password reset feature. An attacker can exploit this issue to reset the administrator password of the application. Repeated attacks may allow the attacker to cause persistent Denial of Service conditions. WordPress version 2.8.3 is vulnerable; prior versions may also be affected.
Remediation
Update to WordPress version 2.8.4 or latest
References
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0114.html
http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html
http://packetstormsecurity.org/files/view/80258/wordpress-adminreset.txt
Related Vulnerabilities
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-0284)
PHP Zend_Hash_Del_Key_Or_Index vulnerability
PostgreSQL Improper Input Validation Vulnerability (CVE-2013-0255)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4583)
WordPress Plugin Social Media Widget by Acurax Multiple Unspecified Vulnerabilities (3.2.3)