Description

WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source.

Remediation

References

CVE-2009-2431

Related Vulnerabilities

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20102)

Oracle JRE CVE-2017-10293 Vulnerability (CVE-2017-10293)

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Multiple Cross-Site Scripting Vulnerabilities (4.2.4)

Python Improper Input Validation Vulnerability (CVE-2013-7338)

Python Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20907)

Severity

Medium

Classification

CVE-2009-2431 CWE-20

Tags

Missing Update Known Vulnerabilities