Several vulnerabilities have been discovered in wordpress, a weblog
manager. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2008-6762
It was discovered that wordpress is prone to an open redirect
vulnerability which allows remote attackers to conduct phishing attacks.
CVE-2008-6767
It was discovered that remote attackers had the ability to trigger an
application upgrade, which could lead to a denial of service attack.
CVE-2009-2334
It was discovered that wordpress lacks authentication checks in the
plugin configuration, which might leak sensitive information.
CVE-2009-2854
It was discovered that wordpress lacks authentication checks in various
actions, thus allowing remote attackers to produce unauthorised edits or
additions.
CVE-2009-2851
It was discovered that the administrator interface is prone to a
cross-site scripting attack. ...