Description

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

Remediation

References

CVE-2007-0109

Related Vulnerabilities

Apache version older than 1.3.39

WordPress Plugin JetWidgets For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.0.8)

WordPress Plugin Add Link to Facebook Cross-Site Scripting (2.3)

WordPress Plugin Download Monitor Information Disclosure (1.6.3)

WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)

Severity

Medium

Classification

CVE-2007-0109

Tags

Missing Update Known Vulnerabilities