Description

WordPress is prone to multiple security bypass vulnerabilities. Authenticated attackers may exploit these issues to gain access to administrative functions, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible. WordPress versions prior to 2.8.3 are vulnerable.

Remediation

Update to WordPress version 2.8.3 or latest

References

http://secunia.com/advisories/36146/

https://wordpress.org/news/2009/08/wordpress-2-8-3-security-release/

Related Vulnerabilities

WordPress Plugin Anthologize Cross-Site Scripting (0.7.7)

Apache Tomcat Incorrect Default Permissions Vulnerability (CVE-2020-8022)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4198)

WebLogic CVE-2023-22089 Vulnerability (CVE-2023-22089)

WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (5.7.7)

Severity

High

Classification

CVE-2009-2853 CVE-2009-2854 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass