Description

WordPress is a prone to multiple eavesdropping vulnerabilities. Successfully exploiting these issues will allow attackers to obtain sensitive information and possibly to impersonate users and tamper with network data. WordPress versions prior to 2.6.1 are vulnerable.

Remediation

Update to WordPress version 2.6.1 or latest

References

http://core.trac.wordpress.org/ticket/7359

Related Vulnerabilities

WordPress Plugin Acobot Live Chat & Contact Form Multiple Vulnerabilities (2.0)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1133)

Apache HTTP Server Other Vulnerability (CVE-2010-0408)

WordPress Plugin Booking.com Banner Creator Cross-Site Scripting (1.4.2)

Oracle HTTP Server CVE-2013-6438 Vulnerability (CVE-2013-6438)

Severity

High

Classification

CVE-2008-3747 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update