{
  "modified": "2025-08-09T19:01:26Z",
  "published": "2005-07-05T04:00:00Z",
  "id": "CVE-2005-2109",
  "details": "wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/15831"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.gulftech.org/?node=research\u0026article_id=00085-06282005"
    },
    {
      "type": "FIX",
      "url": "http://secunia.com/advisories/15831"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=112006967221438\u0026w=2"
    }
  ]
}