VID |
210144 |
Severity |
20 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A version of WordPress older than 3.0.1 was detected on the host. WordPress is a freely available PHP-based publication program that uses a MySQL backend database. WordPress versions prior to 3.0.1 are affected by a security bypass vulnerability.
- When using a multisite installation, once the 'site administrators can add users' option is enabled, it cannot be turned off. This could allow a remote, authenticated administrator to bypass intended access restrictions.
* Note: This check relies solely on the version number of the WordPress software installed on the remote Web server to assess this vulnerability, so the finding might be a false positive.
* References: https://core.trac.wordpress.org/ticket/14119, https://core.trac.wordpress.org/changeset/15342, http://codex.wordpress.org/Version_3.0.1, http://wordpress.org/news/2010/07/wordpress-3-0-1/
* Platforms affected: WordPress versions 3.x prior to 3.0.1; any operating system, any version |
Recommendation |
Upgrade to the latest version of WordPress (3.0.1 or later), available from the WordPress Download Web site at http://wordpress.org/download/ |
Related URL |
CVE-2013-2173,CVE-2013-2199,CVE-2013-2200,CVE-2013-2201,CVE-2013-2202,CVE-2013-2203,CVE-2013-2204,CVE-2013-2205 (CVE) |
Related URL |
60477,60757,60758,60759,60770,60775,60781,60825,60892 (SecurityFocus) |
Related URL |
(ISS) |
|