6.4

CVE-2008-0664

WordPress Core < 2.3.3 - Improper Authorization Checks

The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.3.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version0.7
WordpressWordpress Version0.71
WordpressWordpress Version1.2
WordpressWordpress Version1.2.1
WordpressWordpress Version1.2.2
WordpressWordpress Version1.3.1
WordpressWordpress Version1.5
WordpressWordpress Version1.5.1
WordpressWordpress Version1.5.1.2
WordpressWordpress Version1.5.1.3
WordpressWordpress Version1.5.2
WordpressWordpress Version2.0
WordpressWordpress Version2.0.1
WordpressWordpress Version2.0.2
WordpressWordpress Version2.0.3
WordpressWordpress Version2.0.4
WordpressWordpress Version2.0.5
WordpressWordpress Version2.0.6
WordpressWordpress Version2.0.7
WordpressWordpress Version2.0.10
WordpressWordpress Version2.0.10_rc1
WordpressWordpress Version2.0.10_rc2
WordpressWordpress Version2.0.11
WordpressWordpress Version2.1
WordpressWordpress Version2.1.1
WordpressWordpress Version2.1.2
WordpressWordpress Version2.1.3
WordpressWordpress Version2.1.3_rc1
WordpressWordpress Version2.1.3_rc2
WordpressWordpress Version2.2
WordpressWordpress Version2.2.1
WordpressWordpress Version2.2.2
WordpressWordpress Version2.2.3
WordpressWordpress Version2.2_revision5002
WordpressWordpress Version2.2_revision5003
WordpressWordpress Version2.3
WordpressWordpress Version2.3.1
WordpressWordpress Version2.3.2
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version *-2.3.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.55% 0.878
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/30960
http://www.debian.org/security/2008/dsa-1601
http://secunia.com/advisories/28823
Vendor Advisory
http://secunia.com/advisories/28920
http://wordpress.org/development/2008/02/wordpress-233/
Patch
http://www.securityfocus.com/bid/27669
Patch
http://www.securitytracker.com/id?1019316
http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/
http://www.vupen.com/english/advisories/2008/0448
https://bugzilla.redhat.com/show_bug.cgi?id=431547
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00349.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00416.html
https://www.wordfence.com/threat-intel/vulnerabilities/id/940aabdc-e98e-45be-87dd-cafae45f2474
Third Party Advisory