WordPress Multiple Vulnerabilities Network Vulnerability

Summary

This host is running WordPress, which is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attackers to reset the password of arbitrary accounts, guess randomly generated passwords, obtain sensitive information and possibly to impersonate users and tamper with network data. Impact Level : Application

Solution

Upgrade to WordPress 2.6.2 or later. http://wordpress.org/

Insight

The flaws are due to, - SQL column-truncation issue. - Weakness in the entropy of generated passwords. - functions get_edit_post_link(), and get_edit_comment_link() fail to use SSL when transmitting data.

Affected

WordPress 2.6.1 and prior versions.

References

http://seclists.org/fulldisclosure/2008/Sep/0194.html
http://www.juniper.net/security/auto/vulnerabilities/vuln30750.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-3747
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Assesi 'bg' Parameter SQL Injection vulnerability
Athena Web Registration remote command execution flaw
68designs 68kb Multiple Remote File Include Vulnerabilities
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability

Take action and discover your vulnerabilities