
WordPress < 2.8.1 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is running a PHP application that is vulnerable to multiple attack vectors.

Description

The remote host is running a version of WordPress earlier than 2.8.1. Such versions are reportedly affected by multiple vulnerabilities:

- A username enumeration weakness caused by the application displaying different responses to login requests depending on the existence of the supplied username. (CVE-2009-2334)

- A security-bypass vulnerability in the 'wp-admin/admin.php' script when it is called with the 'pages' parameter set to a plug-in configuration page. An authenticated attacker could exploit this to gain access to configuration scripts. (CVE-2009-2335)
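
The response difference behind the username enumeration weakness, shown as an added example that is not WordPress code and not part of the original advisory: a login handler whose error text depends on whether the account exists, beside one that answers both failure cases identically. The user store, function names and messages are hypothetical.

```php
<?php
// Constructed user store for illustration (hypothetical; not WordPress's schema).
$users = ['admin' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Weak pattern: the error text reveals whether the username exists.
function login_leaky(array $users, string $user, string $pass): string
{
    if (!isset($users[$user])) {
        return 'ERROR: Invalid username.';
    }
    if (!password_verify($pass, $users[$user])) {
        return 'ERROR: Incorrect password.';
    }
    return 'OK';
}

// Hardened pattern: one message for both failures, and a hash check always
// runs so an unknown username does not return noticeably faster.
function login_uniform(array $users, string $user, string $pass): string
{
    // Valid hash of a random value, used only when the account is unknown.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }
    $known = isset($users[$user]);
    $match = password_verify($pass, $known ? $users[$user] : $dummy);
    return ($known && $match) ? 'OK' : 'ERROR: Invalid username or password.';
}

// Compare what a client sees for an unknown account and for a wrong password.
foreach (['login_leaky', 'login_uniform'] as $fn) {
    $unknown = $fn($users, 'nosuchuser', 'guess');
    $wrong   = $fn($users, 'admin', 'guess');
    printf(
        "%-14s unknown=[%s] wrong=[%s] distinguishable=%s\n",
        $fn,
        $unknown,
        $wrong,
        $unknown === $wrong ? 'no' : 'yes'
    );
}
```

Identical text alone is not sufficient if status codes, redirects or other parts of the response still differ between the two cases.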

Solution

Upgrade to WordPress 2.8.1 or later.