CVE-2009-2762

WordPress < 2.8.3 - Unauthenticated Password Reset via Array Parameter Bypass

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-2762. PoCs published by laurent gaffié, iso^kpsbr, irk4z.

AI-analyzed exploit summary: This is a vulnerability writeup for CVE-2009-2762, detailing an authentication bypass in WordPress <= 2.8.3 that allows an attacker to reset the admin password by submitting an array to the key variable.

Description

wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.

Exploits (3)

exploitdb WRITEUP VERIFIED
by laurent gaffié · text · webapps · php
https://www.exploit-db.com/exploits/9410

This is a vulnerability writeup for CVE-2009-2762, detailing an authentication bypass in WordPress <= 2.8.3 that allows an attacker to reset the admin password by submitting an array to the key variable.

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WordPress <= 2.8.3
No auth needed
Prerequisites: Access to the WordPress login page
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by iso^kpsbr · php · webapps · php
https://www.exploit-db.com/exploits/6421

This exploit targets a vulnerability in WordPress 2.6.1 to take over the admin account by abusing the password reset mechanism and predicting the random seed used for password generation. It registers a new admin user, triggers a password reset, and brute-forces the seed to compute the new password.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Complex
Reliability: Racy
Target: WordPress 2.6.1
No auth needed
Prerequisites: Access to the target WordPress installation · Identical or compatible PHP version for seed prediction · Rainbow tables for faster seed lookup (optional)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by irk4z · text · webapps · php
https://www.exploit-db.com/exploits/6397

This exploit leverages SQL column truncation in WordPress 2.6.1 to create a duplicate admin account by registering a username with trailing spaces, allowing password reset via the lost password feature.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: WordPress 2.6.1
No auth needed
Prerequisites: Registration enabled on the WordPress site
devstral-2 · analyzed Feb 18, 2026

References (8)

Core References
Vendor Advisory x_refsource_misc
http://core.trac.wordpress.org/changeset/11798
Patch, Vendor Advisory x_refsource_confirm
http://wordpress.org/development/2009/08/2-8-4-security-release/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9410
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52382
Broken Link mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0114.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36014
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022707
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36237

Scores

EPSS 0.1964
EPSS Percentile 97.0%

Details

CWE: CWE-255
Status: published
Products (1)
wordpress/wordpress < 2.8.3
Published Aug 13, 2009
Tracked Since Feb 18, 2026