Description

WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source.

Remediation

References

CVE-2009-2431

Related Vulnerabilities

WordPress Plugin Simple Sticky Footer Cross-Site Request Forgery (1.3.2)

WordPress Plugin WP Gravity Forms Zoho CRM Add-on Cross-Site Scripting (1.1.5)

WordPress Plugin Meta Box-WordPress Custom Fields Framework Arbitrary File Deletion (4.16.2)

WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.4)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38267)

Severity

Medium

Classification

CVE-2009-2431 CWE-20

Tags

Missing Update Known Vulnerabilities