The host is running WordPress and is prone to Multiple Vulnerabilities.

Successful exploitation will allow attackers to view the content of plugins configuration pages, inject malicious scripting code, or gain knowledge of sensitive username information. Impact Level: Application

Update to Version 2.8.1 http://wordpress.org/download/

- Error in 'wp-settings.php' which may disclose the sensitive information via a direct request. - username of a post's author is placed in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source. - Error occur when user attampt for failed login or password request depending on whether the user account exists, and it can be exploited by enumerate valid usernames. - wp-admin/admin.php does not require administrative authentication to access the configuration of a plugin, which allows attackers to specify a configuration file in the page parameter via collapsing-archives/options.txt, related-ways-to-take-action/options.php, wp-security-scan/securityscan.php, akismet/readme.txt and wp-ids/ids-admin.php.

WordPress version prior to 2.8.1 on all running platform.

• http://securitytracker.com/alerts/2009/Jul/1022528.html
• http://www.securityfocus.com/archive/1/archive/1/504795/100/0/threaded
• http://www.vupen.com/english/advisories/2009/1833

---

Updated on 2015-03-25