Description

WordPress is prone to multiple vulnerabilities, including Denial of Service and information disclosure vulnerabilities. Attackers can exploit these issues to consume memory and bandwidth resources, thus denying service to legitimate users or to gain information that may aid in further attacks. WordPress versions prior to 2.1 are vulnerable.

Remediation

Update to WordPress version 3.6 or latest

References

http://www.securityfocus.com/bid/22220/exploit

http://www.securityfocus.com/archive/1/458003

http://core.trac.wordpress.org/attachment/ticket/4137/exploit.py

http://secunia.com/advisories/24951/

Related Vulnerabilities

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-32621)

WordPress Plugin Top Quark Architecture 'script.php' Arbitrary File Upload (2.1.0)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10678)

WordPress Plugin WP Link To Us Multiple Cross-Site Scripting Vulnerabilities (2.0)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8757)

Severity

High

Classification

CVE-2007-0540 CWE-200 CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Denial Of Service Information Disclosure