Description

WordPress is a prone to multiple eavesdropping vulnerabilities. Successfully exploiting these issues will allow attackers to obtain sensitive information and possibly to impersonate users and tamper with network data. WordPress versions prior to 2.6.1 are vulnerable.

Remediation

Update to WordPress version 2.6.1 or latest

References

http://core.trac.wordpress.org/ticket/7359

Related Vulnerabilities

Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43810)

MySQL CVE-2022-21607 Vulnerability (CVE-2022-21607)

Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43815)

WordPress Plugin WP eCommerce 'wpsc-transaction_results_functions.php' SQL Injection (3.8.7.5)

WordPress Plugin Login Logout Menu Cross-Site Scripting (1.3.3)

Severity

High

Classification

CVE-2008-3747 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update