A vulnerability has been discovered in WordPress which could result in the unauthorized reset of an administrative account. This vulnerability exists because WordPress relies on the host HTTP header for a password reset email and fails to properly validate the server name. An attacker can exploit this issue by modifying the host name in a specifically crafted HTTP POST to the affected website. This will cause the password reset email to be sent to an attacker controlled email address, allowing the attacker access to the password reset link. While the owner of the targeted account will also receive the reset email, providing indication of a potential compromise, the attacker will gain access for an indeterminate length of time.
Successful exploitation of this vulnerability could allow for attackers to reset an administrative password for a website running WordPress.
We recommend the following actions be taken:
Ensure no unauthorized systems changes have occurred before applying patches.
Update WordPress CMS to the latest version once a patch has been released after appropriate testing.
Review and follow WordPress hardening guidelines – http://codex.wordpress.org/Hardening