Description

WordPress is prone to an unauthorized access vulnerability. Attackers can exploit this issue to edit other users' posts. Successfully exploiting this issue may lead to other attacks. WordPress versions prior to 2.3.3 are vulnerable.

Remediation

Update to WordPress version 2.3.3 or latest

References

http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/

http://www.securiteam.com/unixfocus/5HP010KNFK.html

http://secunia.com/advisories/28823/

https://wordpress.org/news/2008/02/wordpress-233/

Related Vulnerabilities

WordPress Plugin WP Image Zoom Denial of Service (1.23)

Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-1238)

WordPress Plugin Easy Accordion-Best Accordion FAQ Cross-Site Scripting (2.0.21)

WordPress Plugin Limit Attempts by BestWebSoft Multiple Vulnerabilities (1.0.3)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2741)

Severity

High

Classification

CVE-2008-0664 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update