Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2009-2336

Published: 10/07/2009 Updated: 08/11/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 540
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Wordpress

Vulnerability Summary

The forgotten mail interface in WordPress and WordPress MU prior to 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

wordpress wordpress mu

Vendor Advisories

Debian CVElist Bug Report Logs: wordpress: CORE-2009-0515 priviledges unchecked and multiple information disclosures
Debian Bug report logs - #536724 wordpress: CORE-2009-0515 priviledges unchecked and multiple information disclosures Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom&g ...
Debian CVElist Bug Report Logs: CVE-2009-2431, CVE-2009-2432
Debian Bug report logs - #537146 CVE-2009-2431, CVE-2009-2432 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Wed, 15 Jul 2009 14:00:02 UTC Severity: important Tags ...
Debian CVElist Bug Report Logs: CVE-2008-6767, CVE-2008-6762
Debian Bug report logs - #531736 CVE-2008-6767, CVE-2008-6762 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Wed, 3 Jun 2009 17:27:02 UTC Severity: normal Tags: s ...

Exploits

Exploit DB: Core Security Technologies Advisory 2009.0515
Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code Arbitrary native code may be run by a malicious attacker if the b ...

References

CWE-16http://www.securityfocus.com/bid/35581http://www.vupen.com/english/advisories/2009/1833http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Uncheckedhttp://securitytracker.com/id?1022528http://www.osvdb.org/55714https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.htmlhttp://www.exploit-db.com/exploits/9110http://www.securityfocus.com/archive/1/504795/100/0/threadedhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook