5
CVSSv2

CVE-2009-2335

Published: 10/07/2009 Updated: 21/11/2024

Vulnerability Summary

WordPress and WordPress MU prior to 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

wordpress wordpress mu

Vendor Advisories

Debian Bug report logs - #536724 wordpress: CORE-2009-0515 priviledges unchecked and multiple information disclosures Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom&g ...
Debian Bug report logs - #537146 CVE-2009-2431, CVE-2009-2432 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Wed, 15 Jul 2009 14:00:02 UTC Severity: important Tags ...
Debian Bug report logs - #531736 CVE-2008-6767, CVE-2008-6762 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Wed, 3 Jun 2009 17:27:02 UTC Severity: normal Tags: s ...

Exploits

## # $Id: wordpress_login_enumrb 12196 2011-04-01 00:51:33Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## class Metasploit3 & ...
Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code Arbitrary native code may be run by a malicious attacker if the b ...

Github Repositories

Raven1 CTF Pen-Test If you're attempting this CTF, I would urge you to TRY HARDER before proceeding as, obviously, there are spoilers below! The following vulnerabilities were identified: Weak password requirements a CWE-521 cwemitreorg/data/definitions/521html b CWE-522 cwemitreorg/data/definitions/522html c Severity: Critical Wordpress &ndash

Final-Project Red Team: Summary of Operations Table of Contents Exposed Services Critical Vulnerabilities Exploitation Exposed Services Fill out the information below: Nmap scan results for each machine reveal the below services and OS details: nmap -sV 1921681110 command to Scan Target 1 This scan identifies the services below as potential points of entry: Targe

Code Path Week 7 & 8 WordPress vs Kali Homework Instructions: For these week's assignment, discover and demonstrate similar proofs-of-concept for at least an additional three and (up to five) exploits affecting an older version of WP All exploits were tested and implemented within a WPDistillery 42 environment 1 HTTP GET Request through author id Exploit Summ