Description

WordPress is prone to multiple vulnerabilities, including directory traversal, security bypass and Denial of Service vulnerabilities. Exploiting these issues can allow an attacker to obtain sensitive information that could aid in launching further attacks, to perform otherwise restricted actions and subsequently list certain metadata information of other users or to cause a Denial of Service (application crash), thus denying service to legitimate users. WordPress version 2.0.4 is vulnerable.

Remediation

Update to WordPress version 2.0.5 or latest

References

http://core.trac.wordpress.org/ticket/2591

http://core.trac.wordpress.org/ticket/3142

http://secunia.com/advisories/22683/

Related Vulnerabilities

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9456)

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.6.2)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5100)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2047)

WordPress Plugin Advanced Contact form 7 DB SQL Injection (1.6.0)

Severity

High

Classification

CVE-2006-5705 CVE-2006-6016 CVE-2006-6017 CWE-22 CWE-264 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update