Description

WordPress is prone to a security bypass vulnerability. Authenticated attackers may exploit this issue to gain access to configuration scripts, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible. WordPress versions 2.8 and prior are vulnerable.

Remediation

Update to WordPress version 2.8.1 or latest

References

http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked

http://www.exploit-db.com/exploits/9110/

http://www.securiteam.com/securitynews/5QP0E0KRQM.html

Related Vulnerabilities

WordPress Plugin SimpleFlickr Cross-Site Request Forgery (3.0.3)

IBM RTC Files or Directories Accessible to External Parties Vulnerability (CVE-2017-1602)

Moodle Other Vulnerability (CVE-2006-4943)

Artifactory CVE-2019-9733 Vulnerability (CVE-2019-9733)

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2011-3336)

Severity

High

Classification

CVE-2009-2334 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass