CVE-2008-0664

EUVD-2008-0674
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
wordpresswordpress
0.7
wordpresswordpress
0.71
wordpresswordpress
1.2
wordpresswordpress
1.2.1
wordpresswordpress
1.2.2
wordpresswordpress
1.3.1
wordpresswordpress
1.5
wordpresswordpress
1.5.1
wordpresswordpress
1.5.1.2
wordpresswordpress
1.5.1.3
wordpresswordpress
1.5.2
wordpresswordpress
2.0
wordpresswordpress
2.0.1
wordpresswordpress
2.0.2
wordpresswordpress
2.0.3
wordpresswordpress
2.0.4
wordpresswordpress
2.0.5
wordpresswordpress
2.0.6
wordpresswordpress
2.0.7
wordpresswordpress
2.0.10
wordpresswordpress
2.0.10_rc1:_rc1
wordpresswordpress
2.0.10_rc2:_rc2
wordpresswordpress
2.0.11
wordpresswordpress
2.1
wordpresswordpress
2.1.1
wordpresswordpress
2.1.2
wordpresswordpress
2.1.3
wordpresswordpress
2.1.3_rc1:_rc1
wordpresswordpress
2.1.3_rc2:_rc2
wordpresswordpress
2.2
wordpresswordpress
2.2.1
wordpresswordpress
2.2.2
wordpresswordpress
2.2.3
wordpresswordpress
2.2_revision5002:_revision5002
wordpresswordpress
2.2_revision5003:_revision5003
wordpresswordpress
2.3
wordpresswordpress
2.3.1
wordpresswordpress
2.3.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wordpress
bookworm
6.1.6+dfsg1-0+deb12u1
fixed
bookworm (security)
6.1.6+dfsg1-0+deb12u1
fixed
bullseye
5.7.11+dfsg1-0+deb11u1
fixed
bullseye (security)
5.7.11+dfsg1-0+deb11u1
fixed
etch
not-affected
sid
6.6.1+dfsg1-1
fixed
trixie
6.6.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wordpress
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
Fixed 2.2.2-1ubuntu1.3
released
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/28823
http://secunia.com/advisories/28920
http://secunia.com/advisories/30960
http://wordpress.org/development/2008/02/wordpress-233/
http://www.debian.org/security/2008/dsa-1601
http://www.securityfocus.com/bid/27669
http://www.securitytracker.com/id?1019316
http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/
http://www.vupen.com/english/advisories/2008/0448
https://bugzilla.redhat.com/show_bug.cgi?id=431547
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00349.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00416.html
http://secunia.com/advisories/28823
http://secunia.com/advisories/28920
http://secunia.com/advisories/30960
http://wordpress.org/development/2008/02/wordpress-233/
http://www.debian.org/security/2008/dsa-1601
http://www.securityfocus.com/bid/27669
http://www.securitytracker.com/id?1019316
http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/
http://www.vupen.com/english/advisories/2008/0448
https://bugzilla.redhat.com/show_bug.cgi?id=431547
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00349.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00416.html