20 vulnerabilities found for wordpress_mu by wordpress
CVE-2009-2432 (GCVE-0-2009-2432)
Vulnerability from nvd – Published: 2009-07-10 20:25 – Updated: 2024-08-07 05:52
VLAI
Summary
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://corelabs.coresecurity.com/index.php?action… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/504795/100… | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1022528 | vdb-entry, x_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2009/1833 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/55717 | vdb-entry, x_refsource_OSVDB |
Date Public
2009-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "wordpress-wpsettings-path-disclosure(51734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51734"
},
{
"name": "55717",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "wordpress-wpsettings-path-disclosure(51734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51734"
},
{
"name": "55717",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "wordpress-wpsettings-path-disclosure(51734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51734"
},
{
"name": "55717",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2432",
"datePublished": "2009-07-10T20:25:00.000Z",
"dateReserved": "2009-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2336 (GCVE-0-2009-2336)
Vulnerability from nvd – Published: 2009-07-10 20:25 – Updated: 2024-08-07 05:44
VLAI
Summary
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://corelabs.coresecurity.com/index.php?action… | x_refsource_MISC |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.securityfocus.com/archive/1/504795/100… | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1022528 | vdb-entry, x_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2009/1833 | vdb-entry, x_refsource_VUPEN |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.exploit-db.com/exploits/9110 | exploit, x_refsource_EXPLOIT-DB |
| http://www.osvdb.org/55714 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/35581 | vdb-entry, x_refsource_BID |
Date Public
2009-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:56.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "55714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55714"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "55714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55714"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-8538",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "9110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "55714",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55714"
},
{
"name": "35581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2336",
"datePublished": "2009-07-10T20:25:00.000Z",
"dateReserved": "2009-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:56.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2335 (GCVE-0-2009-2335)
Vulnerability from nvd – Published: 2009-07-10 20:25 – Updated: 2024-08-07 05:44
VLAI
Summary
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://corelabs.coresecurity.com/index.php?action… | x_refsource_MISC |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.securityfocus.com/archive/1/504795/100… | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1022528 | vdb-entry, x_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2009/1833 | vdb-entry, x_refsource_VUPEN |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.osvdb.org/55713 | vdb-entry, x_refsource_OSVDB |
| http://www.exploit-db.com/exploits/9110 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/35581 | vdb-entry, x_refsource_BID |
Date Public
2009-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55713"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55713"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-8538",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55713",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55713"
},
{
"name": "9110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "35581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2335",
"datePublished": "2009-07-10T20:25:00.000Z",
"dateReserved": "2009-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2334 (GCVE-0-2009-2334)
Vulnerability from nvd – Published: 2009-07-10 20:25 – Updated: 2024-08-07 05:44
VLAI
Summary
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2009-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "DSA-1871",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1871"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55712"
},
{
"name": "35584",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35584"
},
{
"name": "55715",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55715"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "DSA-1871",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1871"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55712"
},
{
"name": "35584",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35584"
},
{
"name": "55715",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55715"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-8538",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "http://wordpress.org/development/2009/07/wordpress-2-8-1/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "DSA-1871",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1871"
},
{
"name": "FEDORA-2009-8529",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55712",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55712"
},
{
"name": "35584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35584"
},
{
"name": "55715",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55715"
},
{
"name": "9110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2334",
"datePublished": "2009-07-10T20:25:00.000Z",
"dateReserved": "2009-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1030 (GCVE-0-2009-1030)
Vulnerability from nvd – Published: 2009-03-20 00:00 – Updated: 2024-08-07 04:57
Summary
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/34075 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id?1021838 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/501667/100… | mailing-list, x_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=126996727024732&w=2 | vendor-advisory, x_refsource_HP |
| https://www.exploit-db.com/exploits/8196 | exploit, x_refsource_EXPLOIT-DB |
Date Public
2009-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34075"
},
{
"name": "1021838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021838"
},
{
"name": "wordpressmu-wpmufunctions-xss(49184)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49184"
},
{
"name": "20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501667/100/0/threaded"
},
{
"name": "HPSBUX02514",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
},
{
"name": "8196",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8196"
},
{
"name": "SSRT100010",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34075"
},
{
"name": "1021838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021838"
},
{
"name": "wordpressmu-wpmufunctions-xss(49184)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49184"
},
{
"name": "20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501667/100/0/threaded"
},
{
"name": "HPSBUX02514",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
},
{
"name": "8196",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8196"
},
{
"name": "SSRT100010",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34075"
},
{
"name": "1021838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021838"
},
{
"name": "wordpressmu-wpmufunctions-xss(49184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49184"
},
{
"name": "20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501667/100/0/threaded"
},
{
"name": "HPSBUX02514",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
},
{
"name": "8196",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8196"
},
{
"name": "SSRT100010",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1030",
"datePublished": "2009-03-20T00:00:00.000Z",
"dateReserved": "2009-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:57:17.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5695 (GCVE-0-2008-5695)
Vulnerability from nvd – Published: 2008-12-19 18:00 – Updated: 2024-08-07 11:04
Summary
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/4798 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/27633 | vdb-entry, x_refsource_BID |
| https://www.exploit-db.com/exploits/5066 | exploit, x_refsource_EXPLOIT-DB |
| http://www.buayacorp.com/files/wordpress/wp-blog-… | x_refsource_MISC |
| http://secunia.com/advisories/28789 | third-party-advisory, x_refsource_SECUNIA |
| http://www.buayacorp.com/files/wordpress/wordpres… | x_refsource_MISC |
| http://mu.wordpress.org/forums/topic.php?id=7534&… | x_refsource_CONFIRM |
Date Public
2008-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4798",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4798"
},
{
"name": "27633",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27633"
},
{
"name": "5066",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt"
},
{
"name": "28789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mu.wordpress.org/forums/topic.php?id=7534\u0026page\u0026replies=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script\u0027s pathname to active_plugins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4798",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4798"
},
{
"name": "27633",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27633"
},
{
"name": "5066",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt"
},
{
"name": "28789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mu.wordpress.org/forums/topic.php?id=7534\u0026page\u0026replies=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script\u0027s pathname to active_plugins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4798",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4798"
},
{
"name": "27633",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27633"
},
{
"name": "5066",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5066"
},
{
"name": "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt",
"refsource": "MISC",
"url": "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt"
},
{
"name": "28789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28789"
},
{
"name": "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html",
"refsource": "MISC",
"url": "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html"
},
{
"name": "http://mu.wordpress.org/forums/topic.php?id=7534\u0026page\u0026replies=1",
"refsource": "CONFIRM",
"url": "http://mu.wordpress.org/forums/topic.php?id=7534\u0026page\u0026replies=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5695",
"datePublished": "2008-12-19T18:00:00.000Z",
"dateReserved": "2008-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:04:44.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4671 (GCVE-0-2008-4671)
Vulnerability from nvd – Published: 2008-10-22 10:00 – Updated: 2024-08-07 10:24
Summary
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/32060 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/31482 | vdb-entry, x_refsource_BID |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-list, x_refsource_FULLDISC |
Date Public
2008-09-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wordpressmu-wpblogs-xss(45512)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45512"
},
{
"name": "32060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32060"
},
{
"name": "31482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31482"
},
{
"name": "20080929 WordPress MU \u003c 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064748.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wordpressmu-wpblogs-xss(45512)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45512"
},
{
"name": "32060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32060"
},
{
"name": "31482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31482"
},
{
"name": "20080929 WordPress MU \u003c 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064748.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wordpressmu-wpblogs-xss(45512)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45512"
},
{
"name": "32060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32060"
},
{
"name": "31482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31482"
},
{
"name": "20080929 WordPress MU \u003c 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064748.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4671",
"datePublished": "2008-10-22T10:00:00.000Z",
"dateReserved": "2008-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:20.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4544 (GCVE-0-2007-4544)
Vulnerability from nvd – Published: 2007-08-27 23:00 – Updated: 2024-08-07 15:01
Summary
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/482006/100… | mailing-list, x_refsource_BUGTRAQ |
| http://securityvulns.ru/Rdocument875.html | x_refsource_MISC |
| http://websecurity.com.ua/1269/ | x_refsource_MISC |
| http://osvdb.org/38442 | vdb-entry, x_refsource_OSVDB |
Date Public
2007-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Rdocument875.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/1269/"
},
{
"name": "38442",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Rdocument875.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/1269/"
},
{
"name": "38442",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071010 Vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "http://securityvulns.ru/Rdocument875.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Rdocument875.html"
},
{
"name": "http://websecurity.com.ua/1269/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1269/"
},
{
"name": "38442",
"refsource": "OSVDB",
"url": "http://osvdb.org/38442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4544",
"datePublished": "2007-08-27T23:00:00.000Z",
"dateReserved": "2007-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3543 (GCVE-0-2007-3543)
Vulnerability from nvd – Published: 2007-07-03 20:00 – Updated: 2024-08-07 14:21
Summary
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/25794 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24642 | vdb-entry, x_refsource_BID |
| http://osvdb.org/37295 | vdb-entry, x_refsource_OSVDB |
| http://www.buayacorp.com/files/wordpress/wordpres… | x_refsource_MISC |
| http://trac.mu.wordpress.org/changeset/1005 | x_refsource_CONFIRM |
Date Public
2007-06-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25794"
},
{
"name": "24642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24642"
},
{
"name": "37295",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37295"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.mu.wordpress.org/changeset/1005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file\u0027s content, along with its post_ID value, to (1) wp-app.php or (2) app.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25794"
},
{
"name": "24642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24642"
},
{
"name": "37295",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37295"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.mu.wordpress.org/changeset/1005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file\u0027s content, along with its post_ID value, to (1) wp-app.php or (2) app.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25794"
},
{
"name": "24642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24642"
},
{
"name": "37295",
"refsource": "OSVDB",
"url": "http://osvdb.org/37295"
},
{
"name": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html",
"refsource": "MISC",
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"name": "http://trac.mu.wordpress.org/changeset/1005",
"refsource": "CONFIRM",
"url": "http://trac.mu.wordpress.org/changeset/1005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3543",
"datePublished": "2007-07-03T20:00:00.000Z",
"dateReserved": "2007-07-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:21:36.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3544 (GCVE-0-2007-3544)
Vulnerability from nvd – Published: 2007-07-03 20:00 – Updated: 2024-08-07 14:21
Summary
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.buayacorp.com/files/wordpress/wordpres… | x_refsource_MISC |
| http://osvdb.org/37294 | vdb-entry, x_refsource_OSVDB |
Date Public
2007-06-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"name": "37294",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"name": "37294",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37294"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html",
"refsource": "MISC",
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"name": "37294",
"refsource": "OSVDB",
"url": "http://osvdb.org/37294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3544",
"datePublished": "2007-07-03T20:00:00.000Z",
"dateReserved": "2007-07-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:21:36.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2336 (GCVE-0-2009-2336)
Vulnerability from cvelistv5 – Published: 2009-07-10 20:25 – Updated: 2024-08-07 05:44
Summary
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://corelabs.coresecurity.com/index.php?action… | x_refsource_MISC |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.securityfocus.com/archive/1/504795/100… | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1022528 | vdb-entry, x_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2009/1833 | vdb-entry, x_refsource_VUPEN |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.exploit-db.com/exploits/9110 | exploit, x_refsource_EXPLOIT-DB |
| http://www.osvdb.org/55714 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/35581 | vdb-entry, x_refsource_BID |
Date Public
2009-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:56.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "55714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55714"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "55714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55714"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-8538",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "9110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "55714",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55714"
},
{
"name": "35581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2336",
"datePublished": "2009-07-10T20:25:00.000Z",
"dateReserved": "2009-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:56.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2432 (GCVE-0-2009-2432)
Vulnerability from cvelistv5 – Published: 2009-07-10 20:25 – Updated: 2024-08-07 05:52
Summary
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://corelabs.coresecurity.com/index.php?action… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/504795/100… | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1022528 | vdb-entry, x_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2009/1833 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/55717 | vdb-entry, x_refsource_OSVDB |
Date Public
2009-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "wordpress-wpsettings-path-disclosure(51734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51734"
},
{
"name": "55717",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "wordpress-wpsettings-path-disclosure(51734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51734"
},
{
"name": "55717",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "wordpress-wpsettings-path-disclosure(51734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51734"
},
{
"name": "55717",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2432",
"datePublished": "2009-07-10T20:25:00.000Z",
"dateReserved": "2009-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2335 (GCVE-0-2009-2335)
Vulnerability from cvelistv5 – Published: 2009-07-10 20:25 – Updated: 2024-08-07 05:44
Summary
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://corelabs.coresecurity.com/index.php?action… | x_refsource_MISC |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.securityfocus.com/archive/1/504795/100… | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1022528 | vdb-entry, x_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2009/1833 | vdb-entry, x_refsource_VUPEN |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.osvdb.org/55713 | vdb-entry, x_refsource_OSVDB |
| http://www.exploit-db.com/exploits/9110 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/35581 | vdb-entry, x_refsource_BID |
Date Public
2009-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55713"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55713"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "35581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-8538",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "FEDORA-2009-8529",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55713",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55713"
},
{
"name": "9110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "35581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2335",
"datePublished": "2009-07-10T20:25:00.000Z",
"dateReserved": "2009-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2334 (GCVE-0-2009-2334)
Vulnerability from cvelistv5 – Published: 2009-07-10 20:25 – Updated: 2024-08-07 05:44
Summary
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2009-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "DSA-1871",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1871"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55712"
},
{
"name": "35584",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35584"
},
{
"name": "55715",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55715"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-8538",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "DSA-1871",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1871"
},
{
"name": "FEDORA-2009-8529",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55712"
},
{
"name": "35584",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35584"
},
{
"name": "55715",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55715"
},
{
"name": "9110",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-8538",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
},
{
"name": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked",
"refsource": "MISC",
"url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
},
{
"name": "FEDORA-2009-7729",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
},
{
"name": "http://wordpress.org/development/2009/07/wordpress-2-8-1/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
},
{
"name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
},
{
"name": "1022528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022528"
},
{
"name": "FEDORA-2009-7701",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
},
{
"name": "ADV-2009-1833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1833"
},
{
"name": "DSA-1871",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1871"
},
{
"name": "FEDORA-2009-8529",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "55712",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55712"
},
{
"name": "35584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35584"
},
{
"name": "55715",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55715"
},
{
"name": "9110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2334",
"datePublished": "2009-07-10T20:25:00.000Z",
"dateReserved": "2009-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1030 (GCVE-0-2009-1030)
Vulnerability from cvelistv5 – Published: 2009-03-20 00:00 – Updated: 2024-08-07 04:57
Summary
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/34075 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id?1021838 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/501667/100… | mailing-list, x_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=126996727024732&w=2 | vendor-advisory, x_refsource_HP |
| https://www.exploit-db.com/exploits/8196 | exploit, x_refsource_EXPLOIT-DB |
Date Public
2009-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34075"
},
{
"name": "1021838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021838"
},
{
"name": "wordpressmu-wpmufunctions-xss(49184)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49184"
},
{
"name": "20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501667/100/0/threaded"
},
{
"name": "HPSBUX02514",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
},
{
"name": "8196",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8196"
},
{
"name": "SSRT100010",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34075"
},
{
"name": "1021838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021838"
},
{
"name": "wordpressmu-wpmufunctions-xss(49184)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49184"
},
{
"name": "20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501667/100/0/threaded"
},
{
"name": "HPSBUX02514",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
},
{
"name": "8196",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8196"
},
{
"name": "SSRT100010",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34075"
},
{
"name": "1021838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021838"
},
{
"name": "wordpressmu-wpmufunctions-xss(49184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49184"
},
{
"name": "20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501667/100/0/threaded"
},
{
"name": "HPSBUX02514",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
},
{
"name": "8196",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8196"
},
{
"name": "SSRT100010",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=126996727024732\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1030",
"datePublished": "2009-03-20T00:00:00.000Z",
"dateReserved": "2009-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:57:17.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5695 (GCVE-0-2008-5695)
Vulnerability from cvelistv5 – Published: 2008-12-19 18:00 – Updated: 2024-08-07 11:04
Summary
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/4798 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/27633 | vdb-entry, x_refsource_BID |
| https://www.exploit-db.com/exploits/5066 | exploit, x_refsource_EXPLOIT-DB |
| http://www.buayacorp.com/files/wordpress/wp-blog-… | x_refsource_MISC |
| http://secunia.com/advisories/28789 | third-party-advisory, x_refsource_SECUNIA |
| http://www.buayacorp.com/files/wordpress/wordpres… | x_refsource_MISC |
| http://mu.wordpress.org/forums/topic.php?id=7534&… | x_refsource_CONFIRM |
Date Public
2008-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4798",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4798"
},
{
"name": "27633",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27633"
},
{
"name": "5066",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt"
},
{
"name": "28789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mu.wordpress.org/forums/topic.php?id=7534\u0026page\u0026replies=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script\u0027s pathname to active_plugins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4798",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4798"
},
{
"name": "27633",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27633"
},
{
"name": "5066",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt"
},
{
"name": "28789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mu.wordpress.org/forums/topic.php?id=7534\u0026page\u0026replies=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script\u0027s pathname to active_plugins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4798",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4798"
},
{
"name": "27633",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27633"
},
{
"name": "5066",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5066"
},
{
"name": "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt",
"refsource": "MISC",
"url": "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt"
},
{
"name": "28789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28789"
},
{
"name": "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html",
"refsource": "MISC",
"url": "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html"
},
{
"name": "http://mu.wordpress.org/forums/topic.php?id=7534\u0026page\u0026replies=1",
"refsource": "CONFIRM",
"url": "http://mu.wordpress.org/forums/topic.php?id=7534\u0026page\u0026replies=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5695",
"datePublished": "2008-12-19T18:00:00.000Z",
"dateReserved": "2008-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:04:44.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4671 (GCVE-0-2008-4671)
Vulnerability from cvelistv5 – Published: 2008-10-22 10:00 – Updated: 2024-08-07 10:24
Summary
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/32060 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/31482 | vdb-entry, x_refsource_BID |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-list, x_refsource_FULLDISC |
Date Public
2008-09-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wordpressmu-wpblogs-xss(45512)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45512"
},
{
"name": "32060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32060"
},
{
"name": "31482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31482"
},
{
"name": "20080929 WordPress MU \u003c 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064748.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wordpressmu-wpblogs-xss(45512)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45512"
},
{
"name": "32060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32060"
},
{
"name": "31482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31482"
},
{
"name": "20080929 WordPress MU \u003c 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064748.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wordpressmu-wpblogs-xss(45512)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45512"
},
{
"name": "32060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32060"
},
{
"name": "31482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31482"
},
{
"name": "20080929 WordPress MU \u003c 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064748.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4671",
"datePublished": "2008-10-22T10:00:00.000Z",
"dateReserved": "2008-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:20.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4544 (GCVE-0-2007-4544)
Vulnerability from cvelistv5 – Published: 2007-08-27 23:00 – Updated: 2024-08-07 15:01
Summary
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/482006/100… | mailing-list, x_refsource_BUGTRAQ |
| http://securityvulns.ru/Rdocument875.html | x_refsource_MISC |
| http://websecurity.com.ua/1269/ | x_refsource_MISC |
| http://osvdb.org/38442 | vdb-entry, x_refsource_OSVDB |
Date Public
2007-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Rdocument875.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/1269/"
},
{
"name": "38442",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Rdocument875.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/1269/"
},
{
"name": "38442",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071010 Vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "http://securityvulns.ru/Rdocument875.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Rdocument875.html"
},
{
"name": "http://websecurity.com.ua/1269/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1269/"
},
{
"name": "38442",
"refsource": "OSVDB",
"url": "http://osvdb.org/38442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4544",
"datePublished": "2007-08-27T23:00:00.000Z",
"dateReserved": "2007-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3543 (GCVE-0-2007-3543)
Vulnerability from cvelistv5 – Published: 2007-07-03 20:00 – Updated: 2024-08-07 14:21
Summary
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/25794 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24642 | vdb-entry, x_refsource_BID |
| http://osvdb.org/37295 | vdb-entry, x_refsource_OSVDB |
| http://www.buayacorp.com/files/wordpress/wordpres… | x_refsource_MISC |
| http://trac.mu.wordpress.org/changeset/1005 | x_refsource_CONFIRM |
Date Public
2007-06-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25794"
},
{
"name": "24642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24642"
},
{
"name": "37295",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37295"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.mu.wordpress.org/changeset/1005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file\u0027s content, along with its post_ID value, to (1) wp-app.php or (2) app.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25794"
},
{
"name": "24642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24642"
},
{
"name": "37295",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37295"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.mu.wordpress.org/changeset/1005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file\u0027s content, along with its post_ID value, to (1) wp-app.php or (2) app.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25794"
},
{
"name": "24642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24642"
},
{
"name": "37295",
"refsource": "OSVDB",
"url": "http://osvdb.org/37295"
},
{
"name": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html",
"refsource": "MISC",
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"name": "http://trac.mu.wordpress.org/changeset/1005",
"refsource": "CONFIRM",
"url": "http://trac.mu.wordpress.org/changeset/1005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3543",
"datePublished": "2007-07-03T20:00:00.000Z",
"dateReserved": "2007-07-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:21:36.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3544 (GCVE-0-2007-3544)
Vulnerability from cvelistv5 – Published: 2007-07-03 20:00 – Updated: 2024-08-07 14:21
Summary
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.buayacorp.com/files/wordpress/wordpres… | x_refsource_MISC |
| http://osvdb.org/37294 | vdb-entry, x_refsource_OSVDB |
Date Public
2007-06-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"name": "37294",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"name": "37294",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37294"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html",
"refsource": "MISC",
"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"
},
{
"name": "37294",
"refsource": "OSVDB",
"url": "http://osvdb.org/37294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3544",
"datePublished": "2007-07-03T20:00:00.000Z",
"dateReserved": "2007-07-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:21:36.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}