WordPress < 3.0.1 Privilege Escalation Vulnerability
Medium Nessus Network Monitor Plugin ID 9111
Synopsis
The remote server is hosting an outdated installation of WordPress that is vulnerable to a privilege escalation attack.
Description
Versions of WordPress prior to 3.0.1 are affected by a flaw in multisite installations: the program retains the 'site administrators can add users' option after it has been changed. This may allow a remote authenticated attacker to add a user after that setting is changed and bypass intended access restrictions.
Solution
Upgrade to WordPress 3.0.1 or later.