WordPress < 2.8.1 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5096
Synopsis
The remote web server is running a PHP application that is vulnerable to multiple attack vectors.
Description
The remote host is running a version of WordPress earlier than 2.8.1. Such versions are reportedly affected by multiple vulnerabilities:
- A username enumeration weakness caused by the application displaying different responses to login requests depending on the existence of the supplied username. (CVE-2009-2334)
- A security-bypass vulnerability in the 'wp-admin/admin.php' script when it is called with the 'pages' parameter set to a plug-in configuration page. An authenticated attacker could exploit this to gain access to configuration scripts. (CVE-2009-2335)
Solution
Upgrade to WordPress 2.8.1 or later.