WAF RULE TO PREVENT 0-DAY ATTACKS IN WORDPRESS
(CVE-2017-8295) Wordpress <= 4.7.4 - Unauthorized Password Reset Vulnerability By default, WordPress is using an untrusted data to create a password reset link. That is supposed to be delivered only to the email address associated with the owner’s account. If the From email header is not present WordPress will use the server one. // check wp-includes/pluggable.php if ( !isset( $from_...
Tags: