WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3747)

Description

The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.

Remediation

References

Related Vulnerabilities

RubyGems Origin Validation Error Vulnerability (CVE-2017-0902)

Magento Improper Authorization Vulnerability (CVE-2020-24403)

Dolibarr Improper Privilege Management Vulnerability (CVE-2020-14201)

WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)

WordPress Plugin Generate Child Theme Security Bypass (1.5.3)

Severity

High

Classification

CVE-2008-3747 CWE-264

Tags

Missing Update Known Vulnerabilities