Description

WordPress is prone to multiple vulnerabilities, including directory traversal, security bypass and Denial of Service vulnerabilities. Exploiting these issues can allow an attacker to obtain sensitive information that could aid in launching further attacks, to perform otherwise restricted actions and subsequently list certain metadata information of other users or to cause a Denial of Service (application crash), thus denying service to legitimate users. WordPress version 2.0.4 is vulnerable.

Remediation

Update to WordPress version 2.0.5 or latest

References

http://core.trac.wordpress.org/ticket/2591

http://core.trac.wordpress.org/ticket/3142

http://secunia.com/advisories/22683/

Related Vulnerabilities

PHP Other Vulnerability (CVE-2005-3388)

WordPress Plugin Digital Publications by Supsystic Multiple Vulnerabilities (1.6.9)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5265)

Oracle JRE CVE-2013-5842 Vulnerability (CVE-2013-5842)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3065)

Severity

High

Classification

CVE-2006-5705 CVE-2006-6016 CVE-2006-6017 CWE-22 CWE-264 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update