Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

WordPress < 2.0.1 Arbitrary Script Injection

Low

Synopsis

The remote server is hosting an outdated installation of WordPress that is vulnerable to a script injection attack.

Description

The installed version of WordPress on the remote host will accept and execute arbitrary PHP code. This version of Wordpress is vulnerable to a flaw where a remote attacker can, by sending a malformed request, execute arbitrary code on the WordPress server.

Solution

Upgrade to WordPress 2.0.1, or later.