Description

WordPress is prone to an unauthorized access vulnerability. Attackers can exploit this issue to edit other users' posts. Successfully exploiting this issue may lead to other attacks. WordPress versions prior to 2.3.3 are vulnerable.

Remediation

Update to WordPress version 2.3.3 or latest

References

http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/

http://www.securiteam.com/unixfocus/5HP010KNFK.html

http://secunia.com/advisories/28823/

https://wordpress.org/news/2008/02/wordpress-233/

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-40602)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2006-20001)

Moodle Externally Controlled Reference to a Resource in Another Sphere Vulnerability (CVE-2023-30943)

Apache HTTP Server Other Vulnerability (CVE-2003-0017)

Oracle Database Server CVE-2008-2591 Vulnerability (CVE-2008-2591)

Severity

High

Classification

CVE-2008-0664 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update