CVE-2009-2334

wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
wordpresswordpress
𝑥
≤ 2.7.1
wordpresswordpress
0.6.2
wordpresswordpress
0.6.2:beta_2
wordpresswordpress
0.6.2.1
wordpresswordpress
0.6.2.1:beta_2
wordpresswordpress
0.7
wordpresswordpress
0.71
wordpresswordpress
0.71-gold
wordpresswordpress
0.72
wordpresswordpress
0.72:beta1
wordpresswordpress
0.72:beta2
wordpresswordpress
0.72:rc1
wordpresswordpress
0.711
wordpresswordpress
1.0
wordpresswordpress
1.0:rc1
wordpresswordpress
1.0:rc2
wordpresswordpress
1.0:rc3
wordpresswordpress
1.0:rc4
wordpresswordpress
1.0-platinum
wordpresswordpress
1.0.1
wordpresswordpress
1.0.1-miles
wordpresswordpress
1.0.2
wordpresswordpress
1.0.2-blakey
wordpresswordpress
1.2
wordpresswordpress
1.2:beta
wordpresswordpress
1.2-delta
wordpresswordpress
1.2-mingus
wordpresswordpress
1.2.1
wordpresswordpress
1.2.2
wordpresswordpress
1.3.1
wordpresswordpress
1.4
wordpresswordpress
1.5
wordpresswordpress
1.5-strayhorn
wordpresswordpress
1.5.1
wordpresswordpress
1.5.1.1
wordpresswordpress
1.5.1.2
wordpresswordpress
1.5.1.3
wordpresswordpress
1.5.2
wordpresswordpress
1.6
wordpresswordpress
2.0
wordpresswordpress
2.0.1
wordpresswordpress
2.0.2
wordpresswordpress
2.0.3
wordpresswordpress
2.0.4
wordpresswordpress
2.0.5
wordpresswordpress
2.0.6
wordpresswordpress
2.0.7
wordpresswordpress
2.0.8
wordpresswordpress
2.0.9
wordpresswordpress
2.0.10
wordpresswordpress
2.0.10_rc1:_rc1
wordpresswordpress
2.0.10_rc2:_rc2
wordpresswordpress
2.0.11
wordpresswordpress
2.1
wordpresswordpress
2.1:alpha_3
wordpresswordpress
2.1.1
wordpresswordpress
2.1.2
wordpresswordpress
2.1.3
wordpresswordpress
2.1.3_rc1:_rc1
wordpresswordpress
2.1.3_rc2:_rc2
wordpresswordpress
2.2
wordpresswordpress
2.2.0
wordpresswordpress
2.2.1
wordpresswordpress
2.2.2
wordpresswordpress
2.2.3
wordpresswordpress
2.2_revision5002:_revision5002
wordpresswordpress
2.2_revision5003:_revision5003
wordpresswordpress
2.3
wordpresswordpress
2.3:beta3
wordpresswordpress
2.3:rc1
wordpresswordpress
2.3.1
wordpresswordpress
2.3.1:rc1
wordpresswordpress
2.3.2
wordpresswordpress
2.3.3
wordpresswordpress
2.5
wordpresswordpress
2.5.1
wordpresswordpress
2.6
wordpresswordpress
2.6.1
wordpresswordpress
2.6.3
wordpresswordpress
2.6.5
wordpresswordpress_mu
𝑥
≤ 2.7
wordpresswordpress_mu
1.1
wordpresswordpress_mu
1.1.1
wordpresswordpress_mu
1.2
wordpresswordpress_mu
1.2.1
wordpresswordpress_mu
1.2.2
wordpresswordpress_mu
1.2.3
wordpresswordpress_mu
1.2.4
wordpresswordpress_mu
1.2.4:rc1
wordpresswordpress_mu
1.2.5a:a
wordpresswordpress_mu
1.3
wordpresswordpress_mu
1.3.1
wordpresswordpress_mu
1.3.2
wordpresswordpress_mu
1.3.3
wordpresswordpress_mu
1.5:rc1
wordpresswordpress_mu
1.5.1
wordpresswordpress_mu
2.6
wordpresswordpress_mu
2.6.1
wordpresswordpress_mu
2.6.2
wordpresswordpress_mu
2.6.3
wordpresswordpress_mu
2.6.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wordpress
bullseye (security)
5.7.11+dfsg1-0+deb11u1
fixed
bullseye
5.7.11+dfsg1-0+deb11u1
fixed
bookworm
6.1.6+dfsg1-0+deb12u1
fixed
bookworm (security)
6.1.6+dfsg1-0+deb12u1
fixed
sid
6.6.1+dfsg1-1
fixed
trixie
6.6.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wordpress
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
http://securitytracker.com/id?1022528
http://wordpress.org/development/2009/07/wordpress-2-8-1/
http://www.debian.org/security/2009/dsa-1871
http://www.exploit-db.com/exploits/9110
http://www.osvdb.org/55712
http://www.osvdb.org/55715
http://www.securityfocus.com/archive/1/504795/100/0/threaded
http://www.securityfocus.com/bid/35584
http://www.vupen.com/english/advisories/2009/1833
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html
http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
http://securitytracker.com/id?1022528
http://wordpress.org/development/2009/07/wordpress-2-8-1/
http://www.debian.org/security/2009/dsa-1871
http://www.exploit-db.com/exploits/9110
http://www.osvdb.org/55712
http://www.osvdb.org/55715
http://www.securityfocus.com/archive/1/504795/100/0/threaded
http://www.securityfocus.com/bid/35584
http://www.vupen.com/english/advisories/2009/1833
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html