Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Configuration Vulnerability (CVE-2009-2335)

Description

WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Remediation

References

Related Vulnerabilities

Oracle Database Server CVE-2008-1818 Vulnerability (CVE-2008-1818)

WordPress Plugin Responsive Menu-Create Mobile-Friendly Menu Multiple Vulnerabilities (4.0.3)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.9)

WordPress Plugin MM Duplicate 'index.php' SQL Injection (1.2)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1133)

Severity

Medium

Classification

CVE-2009-2335

Tags

Missing Update Known Vulnerabilities