WordPress < 2.0.4 SQLi
Medium Nessus Network Monitor Plugin ID 3674
Synopsis: The remote web server contains a script that is vulnerable to a SQL injection attack.
Description: The remote host is running WordPress, a blog manager written in PHP. The remote version of this software is vulnerable to various flaws that may allow an attacker to perform a SQL injection attack against the remote host. Successful exploitation would allow an attacker to read or write confidential data and potentially execute arbitrary code on the remote database. In addition, the remote host is vulnerable to multiple Cross-Site Scripting (XSS) flaws.
Solution: Upgrade to WordPress 2.0.4 or later.