Description

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

Remediation

References

CVE-2007-0109

Related Vulnerabilities

WordPress Plugin My Category Order Cross-Site Scripting (4.3)

WordPress Plugin WP-Cumulus 'tagcloud.swf' Cross-Site Scripting (1.22)

WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4.1)

Jboss EAP CVE-2023-4061 Vulnerability (CVE-2023-4061)

WordPress Plugin Limit Login Attempts Reloaded Security Bypass (2.17.3)

Severity

Medium

Classification

CVE-2007-0109

Tags

Missing Update Known Vulnerabilities