5
CVE-2009-2431
- EPSS 2.87%
- Veröffentlicht 10.07.2009 21:00:00
- Zuletzt bearbeitet 16.06.2026 23:09:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core < 2.8 - Sensitive Information Disclosure
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.8, or a newer patched version
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.87% | 0.85 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
http://securitytracker.com/id?1022528
http://www.securityfocus.com/archive/1/504795/100/0/threaded
http://www.vupen.com/english/advisories/2009/1833
http://www.osvdb.org/55716
https://exchange.xforce.ibmcloud.com/vulnerabilities/51733
https://www.wordfence.com/threat-intel/vulnerabilities/id/d84cf972-be7e-497c-b360-2ea491e44ad6