Description

WordPress is prone to multiple unspecified security vulnerabilities. Very little information is available on this issue. One of these issues is related to plugins and may allow a remote user to bypass security restrictions. The impact of this will depend on the configuration of WordPress but may permit the execution of arbitrary PHP code. WordPress versions prior to 2.0.4 are vulnerable.

Remediation

Update to WordPress version 2.0.4 or latest

References

http://secunia.com/advisories/21309/

https://wordpress.org/news/2006/07/wordpress-204/

Related Vulnerabilities

ProjectSend Use of Insufficiently Random Values Vulnerability (CVE-2024-7659)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9406)

WordPress Plugin Custom Field Suite Cross-Site Request Forgery (2.5.15)

XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2024-55663)

WordPress Plugin WP ALL Export Pro Multiple Vulnerabilities (1.7.8)

Severity

High

Classification

CVE-2006-4028 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update