Description

WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection, forgotten password and information disclosure vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to manipulate mail messages, to obtain sensitive information or to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress versions prior to 1.5.1.3 are affected.

Remediation

Update to WordPress version 1.5.1.3 or latest

References

http://www.gulftech.org/advisories/WordPress%20Multiple%20Vulnerabilities/78

http://www.securityfocus.com/archive/1/403699

http://packetstormsecurity.org/files/view/38369/wordpress1512.txt

https://wordpress.org/news/2005/06/wordpress-1513/

Related Vulnerabilities

Oracle Database Server CVE-2024-20995 Vulnerability (CVE-2024-20995)

WordPress Plugin OpenID Connect Generic Client Cross-Site Scripting (3.8.1)

WordPress Plugin WP Statistics Cross-Site Scripting (12.0.8.1)

WordPress Improper Input Validation Vulnerability (CVE-2008-4106)

WordPress Plugin JM Twitter Cards Information Disclosure (6.1)

Severity

High

Classification

CVE-2005-2107 CVE-2005-2108 CVE-2005-2109 CVE-2005-2110 CWE-79 CWE-89 CWE-200 CWE-702 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update