WordPress <= 2.0.5 - Multiple vulnerabilities #1

Software: WordPress
Versions: <= 2.0.5
Disclosure date: 2006-09-13
CVE: CVE-2006-4743
Classification: Multiple Vulnerabilities

Details

These vulnerabilities allow attackers to obtain sensitive information via a direct request for wp-content/themes/default/index.php, links.php, sidebar.php, livejournal.php, hello.php, mt.php, page.php, rss.php, search.php, searchform.php, 404.php, wp-db-backup.php, akismet.php, comments-popup.php, archive.php, archives.php, functions.php, header.php, upgrade-schema.php, attachment.php, single.php, blogger.php, upgrade-functions.php, dotclear.php, comments.php, textpattern.php or footer.php. Each of these requests produces error messages that reveal the installation path.

Solution

Update WordPress to the latest available version (at least 2.0.6).
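
One way to confirm that the path leak described under Details is gone after updating, as an added example that is not part of the original advisory: the script scans response bodies saved from your own site for PHP error messages that expose an absolute path. The sample responses, hostname and filesystem paths are constructed, and the pattern assumes PHP's default error message layout.

```python
import re
from html import unescape

TAG_RE = re.compile(r"<[^>]+>")
# PHP's default error layout, once HTML tags are stripped:
#   "<level>:  <message> in <absolute script path> on line <N>"
ERROR_RE = re.compile(
    r"(Fatal error|Parse error|Warning|Notice):\s+(.*?) in "
    r"((?:/|[A-Za-z]:\\).+?) on line (\d+)"
)
WP_DIR_RE = re.compile(r"^(.*?)[/\\]wp-(?:content|admin|includes)[/\\]")

def find_path_disclosures(body):
    """Return [(level, script_path, line_no)] for PHP errors shown in a response body."""
    text = unescape(TAG_RE.sub("", body))
    return [(lvl, path, int(n)) for lvl, _msg, path, n in ERROR_RE.findall(text)]

def install_root(path):
    """Directory above the WordPress tree, i.e. what the message tells a reader."""
    m = WP_DIR_RE.match(path)
    return m.group(1) if m else None

def audit(responses):
    """Map each URL whose body leaks a path to the install roots it reveals."""
    report = {}
    for url, body in responses.items():
        roots = {install_root(p) or p for _lvl, p, _n in find_path_disclosures(body)}
        if roots:
            report[url] = sorted(roots)
    return report

# Constructed sample responses (hostname and filesystem paths are made up).
SAMPLE = {
    "https://blog.example.org/wp-content/themes/default/index.php": (
        "<br />\n<b>Fatal error</b>:  Call to undefined function get_header() in "
        "<b>/home/example/public_html/wp-content/themes/default/index.php</b> "
        "on line <b>1</b><br />"
    ),
    "https://blog.example.org/wp-content/themes/default/footer.php": "",
}

if __name__ == "__main__":
    for url, roots in audit(SAMPLE).items():
        print(url, "->", roots)
```

An empty report means none of the saved responses contained a PHP error message with an absolute path.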
