WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2)

Description

WordPress is prone to multiple security bypass vulnerabilities. Authenticated attackers may exploit these issues to gain access to administrative functions, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible. WordPress versions prior to 2.8.3 are vulnerable.

Remediation

Update to WordPress version 2.8.3 or latest

References

http://secunia.com/advisories/36146/

https://wordpress.org/news/2009/08/wordpress-2-8-3-security-release/

Related Vulnerabilities

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Directory Traversal (5.1.4)

WordPress Plugin WordPress File Upload Arbitrary File Upload (3.4.0)

Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-37823)

WordPress Plugin WP Open Graph Cross-Site Request Forgery (1.6.1)

WordPress Plugin Slider by 10Web-Responsive Image Slider SQL Injection (1.2.35)

Severity

High

Classification

CVE-2009-2853 CVE-2009-2854 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass