- Plesk Onyx for Windows
- Plesk Onyx for Linux
CVE-2017-8295 vulnerability was discovered in WordPress until 4.7.4 version. The vulnerability is detailed, as follows:
SERVER_NAME variable to get the hostname to create a From/Return-Path header for the password reset email. An attacker can make WordPress sent "Password Reset" email with
From header forged by the attacker.
A Plesk website is affected if ALL of the following statements are true:
- WordPress (any version, including the before 4.7.4) is hosted;
- The site is Default site for some IP address;
- The site is served by Apache or IIS (websites served by Nginx are not affected).
If a WordPress site is hosted in a Plesk environment, an attacker cannot forge
Return-Path header because Plesk mail system changes this header for outgoing email messages.
An attacker can initiate password reset of the WordPress account by email with From header forged by the attacker. In some cases, such email can be intercepted and the account can be compromised. The affected scenarios are the following:
- Some auto-responders might attach a copy of the email sent in the body of the auto-replied message.
Note: Auto-responder set in Plesk do not send a body of the email.
- The attacker can convince the user to reply to the email, for example by sending multiple password reset emails. The reply containing the password reset link would then be sent to the attacker. We strongly advise not to answer such emails.
Update WordPress to the 4.7.12 version (at least) using this article