WordPress XML-RPC Bug Lets Remote Users Edit Arbitrary Posts
SecurityTracker Alert ID: 1019316
SecurityTracker URL: http://securitytracker.com/id?1019316
CVE Reference: CVE-2008-0664
Updated: Feb 17 2008
Original Entry Date: Feb 7 2008
Impact: Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 2.3.3
Description: A vulnerability was reported in WordPress that can be exploited when registration is enabled. A remote user can submit a specially crafted request to exploit a flaw in the XML-RPC implementation ('xmlrpc.php') and edit posts of other users on the target blog.
Impact: A remote user can edit the posts of other users.
Solution: The vendor has issued a fixed version (2.3.3).
The WordPress advisory is available at:
http://wordpress.org/development/2008/02/wordpress-233/
Vendor URL: wordpress.org/development/2008/02/wordpress-233/
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Message History:
None.
Source Message Contents
Date: Thu, 7 Feb 2008 07:56:07 -0500
Subject: WordPress
http://wordpress.org/development/2008/02/wordpress-233/
> WordPress 2.3.3 is an urgent security release.