Description

WordPress is prone to multiple security bypass vulnerabilities. Authenticated attackers may exploit these issues to gain access to administrative functions, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible. WordPress versions prior to 2.8.3 are vulnerable.

Remediation

Update to WordPress version 2.8.3 or latest

References

http://secunia.com/advisories/36146/

https://wordpress.org/news/2009/08/wordpress-2-8-3-security-release/

Related Vulnerabilities

WordPress Plugin Contact Form 7 Zendesk Cross-Site Scripting (1.0.7)

Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-8184)

Oracle Database Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1675)

MySQL CVE-2025-50098 Vulnerability (CVE-2025-50098)

WordPress Plugin CopySafe PDF Protection Unspecified Vulnerability (1.10)

Severity

High

Classification

CVE-2009-2853 CVE-2009-2854 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass