Description

WordPress is prone to multiple vulnerabilities, including directory traversal, security bypass and Denial of Service vulnerabilities. Exploiting these issues can allow an attacker to obtain sensitive information that could aid in launching further attacks, to perform otherwise restricted actions and subsequently list certain metadata information of other users or to cause a Denial of Service (application crash), thus denying service to legitimate users. WordPress version 2.0.4 is vulnerable.

Remediation

Update to WordPress version 2.0.5 or latest

References

http://core.trac.wordpress.org/ticket/2591

http://core.trac.wordpress.org/ticket/3142

http://secunia.com/advisories/22683/

Related Vulnerabilities

WordPress Plugin WP RSS Aggregator-News Feeds, Autoblogging, Youtube Video Feeds and More Cross-Site Scripting (4.19.2)

WordPress Plugin Custom Sidebars-Dynamic Widget Area Manager Cross-Site Scripting (2.1.0.1)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.67)

Python Other Vulnerability (CVE-2002-1119)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19215)

Severity

High

Classification

CVE-2006-5705 CVE-2006-6016 CVE-2006-6017 CWE-22 CWE-264 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update