Description

WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection, forgotten password and information disclosure vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to manipulate mail messages, to obtain sensitive information or to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress versions prior to 1.5.1.3 are affected.

Remediation

Update to WordPress version 1.5.1.3 or latest

References

http://www.gulftech.org/advisories/WordPress%20Multiple%20Vulnerabilities/78

http://www.securityfocus.com/archive/1/403699

http://packetstormsecurity.org/files/view/38369/wordpress1512.txt

https://wordpress.org/news/2005/06/wordpress-1513/

Related Vulnerabilities

WordPress Plugin AnyFont Cross-Site Scripting (2.2.3)

WordPress Plugin s2Member Framework 's2_invoice' Parameter Remote Security Bypass (111105)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-3164)

MediaWiki Other Vulnerability (CVE-2005-0535)

WordPress Plugin Read Offline Cross-Site Scripting (0.9.17)

Severity

High

Classification

CVE-2005-2107 CVE-2005-2108 CVE-2005-2109 CVE-2005-2110 CWE-79 CWE-89 CWE-200 CWE-702 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update