WordPress < 2.0.1 Arbitrary Script Injection
Low Nessus Network Monitor Plugin ID 3435
SynopsisThe remote server is hosting an outdated installation of WordPress that is vulnerable to a script injection attack.
DescriptionThe installed version of WordPress on the remote host will accept and execute arbitrary PHP code. This version of Wordpress is vulnerable to a flaw where a remote attacker can, by sending a malformed request, execute arbitrary code on the WordPress server.
SolutionUpgrade to WordPress 2.0.1, or later.