Description

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.

Remediation

References

CVE-2005-2612

Related Vulnerabilities

WordPress Plugin Google Shortlink by BestWebSoft Cross-Site Scripting (1.5.2)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10704)

WordPress Plugin Awesome Support-WordPress HelpDesk & Support Multiple Vulnerabilities (4.3.1)

WordPress Plugin MX Time Zone Clocks Cross-Site Scripting (3.4)

WordPress 4.6.x Possible SQL Injection Vulnerability (4.6 - 4.6.7)

Severity

High

Classification

CVE-2005-2612

Tags

Missing Update Known Vulnerabilities