Description

WordPress is a prone to multiple eavesdropping vulnerabilities. Successfully exploiting these issues will allow attackers to obtain sensitive information and possibly to impersonate users and tamper with network data. WordPress versions prior to 2.6.1 are vulnerable.

Remediation

Update to WordPress version 2.6.1 or latest

References

http://core.trac.wordpress.org/ticket/7359

Related Vulnerabilities

Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745)

PostgreSQL Other Vulnerability (CVE-2004-0977)

WebLogic CVE-2020-14841 Vulnerability (CVE-2020-14841)

Drupal Core 9.1.x Directory Traversal (9.1.0 - 9.1.10)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5205)

Severity

High

Classification

CVE-2008-3747 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update