icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

WordPress < 2.0.1 Arbitrary Script Injection

Low

Synopsis

The remote server is hosting an outdated installation of WordPress that is vulnerable to a script injection attack.

Description

The installed version of WordPress on the remote host will accept and execute arbitrary PHP code. This version of Wordpress is vulnerable to a flaw where a remote attacker can, by sending a malformed request, execute arbitrary code on the WordPress server.

Solution

Upgrade to WordPress 2.0.1, or later.