Detections
Analytics
WordPress < 2.8.3 Multiple Security Bypass Vulnerabilities
medium Nessus Network Monitor Plugin ID 5120
Synopsis
The remote host is vulnerable to multiple attack vectors.Description
The remote host is running a version of WordPress earlier than 2.8.3. Such versions are reportedly affected by multiple security-bypass vulnerabilities in the 'wp-admin' administrative scripts. Authenticated attackers can exploit this issue to gain access to administrative functions.Solution
Upgrade to WordPress 2.8.3, or later.See Also
http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release
Plugin Details
Severity: Medium
ID: 5120
Family: CGI
Published: 8/5/2009
Updated: 3/6/2019
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.4
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.3
Temporal Score: 5.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 8/3/2009
Vulnerability Publication Date: 8/3/2009
Reference Information
BID: 35935