May , 2017

Wordpress 4.7.4 Unauthorized Password Reset

Someone requested that the password be reset for the following account:


Username: admin

If this was a mistake, just ignore this email and nothing will happen.

To reset your password, visit the following address:


As we can see, fields Return-Path, From, and Message-ID, all have the attacker’s domain set.

The verification of the headers can be performed by replacing /usr/sbin/sendmail with a bash script of:

cat > /tmp/outgoing-email