Description

WordPress is a prone to multiple eavesdropping vulnerabilities. Successfully exploiting these issues will allow attackers to obtain sensitive information and possibly to impersonate users and tamper with network data. WordPress versions prior to 2.6.1 are vulnerable.

Remediation

Update to WordPress version 2.6.1 or latest

References

http://core.trac.wordpress.org/ticket/7359

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-1399)

WordPress Plugin Simple Behance Portfolio Cross-Site Scripting (0.2)

MySQL CVE-2013-3794 Vulnerability (CVE-2013-3794)

PHP Other Vulnerability (CVE-2007-1379)

WordPress Plugin Postie Multiple Vulnerabilities (1.9.40)

Severity

High

Classification

CVE-2008-3747 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update