| VID |
21639 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
WordPress version 1.5.1.2 or earlier was detected on the host. WordPress is a freely available PHP-based publication program that uses a MySQL backend database. WordPress versions 1.5.1.2 and earlier are affected by multiple vulnerabilities, which may allow a remote attacker to ultimately run arbitrary code on the vulnerable system. These vulnerabilities include SQL injection, cross-site scripting, forgotten-password security issues, and full path disclosure.
* Note: This check relies solely on the version number of the WordPress software installed on the remote Web server to assess this vulnerability, so this result might be a false positive.
* References: http://www.gulftech.org/?node=research&article_id=00085-06282005
* Platforms affected: Matthew Mullenweg, WordPress versions 1.5.1.2 and earlier; any operating system, any version |
| Recommendation |
Upgrade to the latest version of PEAR XML-RPC (1.3.1 or later), available from the PEAR XML_RPC Download Web page at http://pear.php.net/manual/en/introduction.php
-- AND --
Upgrade to the latest version of WordPress (1.5.1.3 or later), available from the WordPress Download Web page at http://wordpress.org/download/ |
| Related URL |
CVE-2005-1921 (CVE) |
| Related URL |
14088 (SecurityFocus) |
| Related URL |
21194 (ISS) |
|