Description

WordPress is prone to multiple unspecified security vulnerabilities. Very little information is available on this issue. One of these issues is related to plugins and may allow a remote user to bypass security restrictions. The impact of this will depend on the configuration of WordPress but may permit the execution of arbitrary PHP code. WordPress versions prior to 2.0.4 are vulnerable.

Remediation

Update to WordPress version 2.0.4 or latest

References

http://secunia.com/advisories/21309/

https://wordpress.org/news/2006/07/wordpress-204/

Related Vulnerabilities

WordPress Plugin Paid Downloads 'download_key' Parameter SQL Injection (2.01)

WordPress Plugin Yoast SEO Security Bypass (1.4.6)

WordPress Plugin S3 Video Cross-Site Scripting (0.983)

WordPress Plugin Post to Twitter Cross-Site Request Forgery (0.7)

WordPress Plugin WP Product Review Lite Unspecified Vulnerability (3.7.6)

Severity

High

Classification

CVE-2006-4028 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Missing Update