Description

WordPress is prone to a security bypass vulnerability. Authenticated attackers may exploit this issue to gain access to configuration scripts, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible. WordPress versions 2.8 and prior are vulnerable.

Remediation

Update to WordPress version 2.8.1 or latest

References

http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked

http://www.exploit-db.com/exploits/9110/

http://www.securiteam.com/securitynews/5QP0E0KRQM.html

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11112)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Server-Side Request Forgery (2.1.6)

WordPress Plugin WordPress Backup to Ziddu Cross-Site Scripting (1)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-8286)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Cross-Site Scripting (3.4.12)

Severity

High

Classification

CVE-2009-2334 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass