Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3)

Description

WordPress is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary code within the context of the affected webserver process; this may result in total compromise of the web server. WordPress versions prior to 1.5.2 are vulnerable.

Remediation

Update to WordPress version 1.5.2 or latest

References

http://www.securityfocus.com/bid/14533/exploit

http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0234.html

http://secunia.com/advisories/16386/

Related Vulnerabilities

WordPress Plugin SW Ajax WooCommerce Search Cross-Site Scripting (1.2.6)

WordPress Plugin Theme Blvd Sliders Multiple Security Bypass Vulnerabilities (1.2.3)

WordPress Plugin Limit Login Attempts Security Bypass (1.7.0)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37251)

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-23209)

Severity

High

Classification

CVE-2005-2612 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Code Execution