Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress 2.5 Cookie Integrity Protection Unauthorized Access Vulnerability (0.6.2 - 2.5)

Description

WordPress is prone to a vulnerability that allows an attacker to gain unauthorized access to the affected application. An attacker can exploit this issue to gain administrative access to the application, which can result in total compromise of the affected application. WordPress versions prior to 2.5.1 are vulnerable.

Remediation

Update to WordPress version 2.5.1 or latest

References

http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-integrity.txt

http://www.securityfocus.com/archive/1/491356

http://core.trac.wordpress.org/ticket/5367

http://secunia.com/advisories/29965/

Related Vulnerabilities

Apache Tomcat version older than 7.0.23

WordPress Plugin Complianz-GDPR/CCPA Cookie Consent SQL Injection (6.3.3)

Oracle Application Server Other Vulnerability (CVE-2002-0560)

IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4697)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-45151)

Severity

High

Classification

CVE-2008-1930 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update