Description

WordPress is prone to an unauthorized access vulnerability. Attackers can exploit this issue to edit other users' posts. Successfully exploiting this issue may lead to other attacks. WordPress versions prior to 2.3.3 are vulnerable.

Remediation

Update to WordPress version 2.3.3 or latest

References

http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/

http://www.securiteam.com/unixfocus/5HP010KNFK.html

http://secunia.com/advisories/28823/

https://wordpress.org/news/2008/02/wordpress-233/

Related Vulnerabilities

WordPress Plugin Smart Marketing SMS and Newsletters Forms Cross-Site Scripting (1.1.1)

WordPress Plugin Timber Cross-Site Scripting (1.2.2)

WordPress Plugin PollDeep Arbitrary File Upload (1.2)

WordPress Plugin Terillion Reviews Profile Id Cross-Site Scripting (1.1)

WordPress Plugin WooCommerce Cross-Site Scripting (2.6.2)

Severity

High

Classification

CVE-2008-0664 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update