How to fix vulnerability identified
-
After scan my site got this message. How to fix it.
[!] 1 vulnerability identified from the version number [!] Title: WordPress 2.3-4.8.2 - Host Header Injection in Password Reset Reference: https://wpvulndb.com/vulnerabilities/8807 Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html Reference: https://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html Reference: https://core.trac.www.ads-software.com/ticket/25239 Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
Viewing 2 replies - 1 through 2 (of 2 total)
-
For an in-depth discussion on that, see https://core.trac.www.ads-software.com/ticket/25239
In short, there’s still discussion on where the fault lies (WordPress or the server configuration) and if this is even a vulnerability. (and, before this topic turns into a dog pile, discussion on that should continue in the Trac ticket, not here)
What scanner did you use for this?
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘How to fix vulnerability identified’ is closed to new replies.