WordPress < 3.0.1 Privilege Escalation Vulnerability

Medium

Synopsis

The remote server is hosting an outdated installation of WordPress that is vulnerable to a privilege escalation attack.

Description

Versions of WordPress prior to 3.0.1 are susceptible to a flaw in multisite installations: the program retains the 'site administrators can add users' option after it has been changed. This may allow a remote authenticated attacker to add a user after a change to that setting and bypass intended access restrictions.

Solution

Upgrade to WordPress 3.0.1 or later.