Description

Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).

Remediation

References

CVE-2006-4028

Related Vulnerabilities

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2006-0369)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4939)

Oracle Database Server CVE-2011-2243 Vulnerability (CVE-2011-2243)

WordPress Plugin Limit Attempts by BestWebSoft Cross-Site Scripting (1.1.7)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2146)

Severity

Critical

Classification

CVE-2006-4028

Tags

Missing Update Known Vulnerabilities