
Zero-Day Vulnerability on WordPress Sites

An attacker may be able to take complete control of websites that use WordPress, due to the lack of a cryptographically secure pseudorandom number generator (CSPRNG).

A CSPRNG is a mechanism that produces random numbers on a computer that are suitable for cryptographic purposes, such as generating keys or salts. The numbers are pseudo-random because a truly random series can only be produced on a theoretical level.

The WordPress flaw was discovered by Scott Arciszewski, a web developer from Orlando, Florida. He has already advised WordPress technicians about the need to implement a CSPRNG mechanism on the platform in order to eliminate even the slightest chance of anyone predicting the link used to reset passwords.

Anyone who succeeds will be able to compromise every WordPress site on the web. However, there is currently no available method.
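To illustrate what a CSPRNG changes for a password-reset link, here is an added example; it is not WordPress code and not the researcher's patch. It assumes PHP 7 or later, and the function names and the seed value are hypothetical.

```php
<?php
// Added illustration: hypothetical helpers, not WordPress core functions.
const KEY_ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Weak: mt_rand() is a Mersenne Twister, a statistical PRNG. Its output is
// fully determined by its internal state, so it must not produce secrets.
function weak_reset_key(int $length = 20): string
{
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= KEY_ALPHABET[mt_rand(0, strlen(KEY_ALPHABET) - 1)];
    }
    return $key;
}

// Hardened: random_int() draws from the operating system's CSPRNG and
// throws instead of silently falling back to a weaker source.
function strong_reset_key(int $length = 20): string
{
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= KEY_ALPHABET[random_int(0, strlen(KEY_ALPHABET) - 1)];
    }
    return $key;
}

// Keep only a hash of the key server-side, expire it, and compare in
// constant time so the check itself leaks nothing about the stored value.
function reset_key_is_valid(string $submitted, string $storedHash, int $issuedAt, int $ttl = 3600): bool
{
    if (time() - $issuedAt > $ttl) {
        return false;
    }
    return hash_equals($storedHash, hash('sha256', $submitted));
}

// Constructed demonstration: the same generator state replays the same key.
mt_srand(20140625); // constructed seed value
$first = weak_reset_key();
mt_srand(20140625);
$second = weak_reset_key();
echo 'weak keys repeat under the same seed: ', var_export($first === $second, true), PHP_EOL;

$key = strong_reset_key();
$stored = hash('sha256', $key);
echo 'fresh key accepted: ', var_export(reset_key_is_valid($key, $stored, time()), true), PHP_EOL;
echo 'wrong key accepted: ', var_export(reset_key_is_valid(strong_reset_key(), $stored, time()), true), PHP_EOL;
echo 'expired key accepted: ', var_export(reset_key_is_valid($key, $stored, time() - 7200), true), PHP_EOL;
```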

Arciszewski reports that he tried several times to bring the issue to the attention of WordPress's technicians. The first time was on June 25, 2014, when he opened a ticket on the issue with the platform. The next time was during an event in Orlando, a conference focused on the WordPress platform.

A publication by the researcher, which fully discloses the vulnerability, also includes a patch he created himself, which has not yet been integrated into WordPress.

Patch available with unit tests and PHP 5.2 on Windows support at
https://core.trac.wordpress.org/attachment/ticket/28633/28633.3.patch

Remember that WordPress is used by 75 million websites on the internet. Nevertheless, exploiting this vulnerability requires a lot of knowledge and skill, which discourages many would-be hackers.


Written by giorgos
