Published: 08/02/2008 Updated: 08/03/2011

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

The XML-RPC implementation (xmlrpc.php) in WordPress prior to 2.3.3, when registration is enabled, allows remote malicious users to edit posts of other blog users via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress 1.5
wordpress wordpress 1.5.1
wordpress wordpress 2.0.10_rc2
wordpress wordpress 2.0.11
wordpress wordpress 2.1
wordpress wordpress 2.1.1
wordpress wordpress 2.2.2
wordpress wordpress 2.2.3
wordpress wordpress 1.2.2
wordpress wordpress 1.3.1
wordpress wordpress 2.0.10
wordpress wordpress 2.0.10_rc1
wordpress wordpress 2.0.6
wordpress wordpress 2.0.7
wordpress wordpress 2.2
wordpress wordpress 2.2.1
wordpress wordpress 1.2
wordpress wordpress 1.2.1
wordpress wordpress 1.5.2
wordpress wordpress 2.0
wordpress wordpress 2.0.1
wordpress wordpress 2.0.4
wordpress wordpress 2.0.5
wordpress wordpress 2.1.3_rc1
wordpress wordpress 2.1.3_rc2
wordpress wordpress 2.3.1
wordpress wordpress 2.3.2
wordpress wordpress 0.7
wordpress wordpress 0.71
wordpress wordpress 1.5.1.2
wordpress wordpress 1.5.1.3
wordpress wordpress 2.0.2
wordpress wordpress 2.0.3
wordpress wordpress 2.1.2
wordpress wordpress 2.1.3
wordpress wordpress 2.2_revision5002
wordpress wordpress 2.2_revision5003
wordpress wordpress 2.3

Debian Bug report logs - #504771 wordpress can be subject of delayed attacks via cookies Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmailcom> Date: Fri, 7 Nov 2008 02:42:04 UTC S ...

Debian Bug report logs - #464170 wordpress: security flaw in xml-rpc implementation Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Tue, 5 Feb 2008 16:09:01 UTC Severity: grav ...

Debian Bug report logs - #536724 wordpress: CORE-2009-0515 priviledges unchecked and multiple information disclosures Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom&g ...

Debian Bug report logs - #531736 CVE-2008-6767, CVE-2008-6762 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Wed, 3 Jun 2009 17:27:02 UTC Severity: normal Tags: s ...

CWE-264 http://wordpress.org/development/2008/02/wordpress-233/http://www.securityfocus.com/bid/27669 http://secunia.com/advisories/28823 http://www.securitytracker.com/id?1019316 http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/https://bugzilla.redhat.com/show_bug.cgi?id=431547 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00349.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00416.html http://secunia.com/advisories/28920 http://www.debian.org/security/2008/dsa-1601 http://secunia.com/advisories/30960 http://www.vupen.com/english/advisories/2008/0448 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771

CVE-2008-0664

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect