wp-admin/admin.php in WordPress and WordPress MU prior to 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote malicious users to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress 2.0.11 |
||
wordpress wordpress 1.2-mingus |
||
wordpress wordpress 2.3.1 |
||
wordpress wordpress 2.0 |
||
wordpress wordpress 2.1.1 |
||
wordpress wordpress 2.1.3 rc2 |
||
wordpress wordpress 2.2.3 |
||
wordpress wordpress 2.0.2 |
||
wordpress wordpress mu 1.5.1 |
||
wordpress wordpress 1.2 |
||
wordpress wordpress mu 1.3.3 |
||
wordpress wordpress 2.1 |
||
wordpress wordpress 2.0.10 rc1 |
||
wordpress wordpress 1.5-strayhorn |
||
wordpress wordpress 1.2-delta |
||
wordpress wordpress 2.0.6 |
||
wordpress wordpress 1.0 |
||
wordpress wordpress 2.0.1 |
||
wordpress wordpress 2.0.4 |
||
wordpress wordpress 1.3.1 |
||
wordpress wordpress mu 2.6.3 |
||
wordpress wordpress mu 2.6 |
||
wordpress wordpress mu 1.2.5a |
||
wordpress wordpress 0.6.2.1 |
||
wordpress wordpress 0.71-gold |
||
wordpress wordpress mu 1.2.3 |
||
wordpress wordpress mu 2.6.1 |
||
wordpress wordpress 2.2 revision5003 |
||
wordpress wordpress 0.711 |
||
wordpress wordpress 1.4 |
||
wordpress wordpress 2.2 |
||
wordpress wordpress 1.2.1 |
||
wordpress wordpress 0.7 |
||
wordpress wordpress 2.1.3 |
||
wordpress wordpress 0.72 |
||
wordpress wordpress 2.0.7 |
||
wordpress wordpress mu 1.3.2 |
||
wordpress wordpress 2.2.0 |
||
wordpress wordpress 2.1.2 |
||
wordpress wordpress 0.71 |
||
wordpress wordpress 2.6.3 |
||
wordpress wordpress 2.0.5 |
||
wordpress wordpress mu 1.2 |
||
wordpress wordpress 2.6.5 |
||
wordpress wordpress 0.6.2 |
||
wordpress wordpress 2.2.2 |
||
wordpress wordpress 2.3.3 |
||
wordpress wordpress 1.5.1.1 |
||
wordpress wordpress 2.0.9 |
||
wordpress wordpress mu 1.1 |
||
wordpress wordpress mu 1.2.2 |
||
wordpress wordpress 2.2.1 |
||
wordpress wordpress mu 1.2.4 |
||
wordpress wordpress 1.5.2 |
||
wordpress wordpress mu 1.3 |
||
wordpress wordpress 1.6 |
||
wordpress wordpress 1.0.1 |
||
wordpress wordpress mu 1.3.1 |
||
wordpress wordpress 2.0.10 rc2 |
||
wordpress wordpress 1.0.2-blakey |
||
wordpress wordpress 1.0.2 |
||
wordpress wordpress 2.5.1 |
||
wordpress wordpress 2.0.3 |
||
wordpress wordpress 2.6.1 |
||
wordpress wordpress 1.5.1.2 |
||
wordpress wordpress 2.3 |
||
wordpress wordpress 2.5 |
||
wordpress wordpress 2.1.3 rc1 |
||
wordpress wordpress 1.0-platinum |
||
wordpress wordpress mu 1.1.1 |
||
wordpress wordpress |
||
wordpress wordpress 1.2.2 |
||
wordpress wordpress mu 2.6.2 |
||
wordpress wordpress 2.0.10 |
||
wordpress wordpress 1.0.1-miles |
||
wordpress wordpress mu 1.5 |
||
wordpress wordpress mu 1.2.1 |
||
wordpress wordpress 1.5 |
||
wordpress wordpress mu 2.6.5 |
||
wordpress wordpress 1.5.1 |
||
wordpress wordpress 1.5.1.3 |
||
wordpress wordpress mu |
||
wordpress wordpress 2.3.2 |
||
wordpress wordpress 2.6 |
||
wordpress wordpress 2.2 revision5002 |
||
wordpress wordpress 2.0.8 |