Description

WordPress is prone to multiple vulnerabilities, including directory traversal, security bypass and Denial of Service vulnerabilities. Exploiting these issues can allow an attacker to obtain sensitive information that could aid in launching further attacks, to perform otherwise restricted actions and subsequently list certain metadata information of other users or to cause a Denial of Service (application crash), thus denying service to legitimate users. WordPress version 2.0.4 is vulnerable.

Remediation

Update to WordPress version 2.0.5 or latest

References

http://core.trac.wordpress.org/ticket/2591

http://core.trac.wordpress.org/ticket/3142

http://secunia.com/advisories/22683/

Related Vulnerabilities

WordPress Plugin WP SlackSync Information Disclosure (1.8.5)

WordPress Plugin Sagenda-Free booking system PHP Object Injection (1.3.2)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.17)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.13)

MySQL CVE-2020-14827 Vulnerability (CVE-2020-14827)

Severity

High

Classification

CVE-2006-5705 CVE-2006-6016 CVE-2006-6017 CWE-22 CWE-264 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update