CVE-2012-2402 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:N/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 75%

Affected Products (NVD)

Vendor	Product	Version
wordpress	wordpress	𝑥 ≤ 3.3.1
wordpress	wordpress	0.71
wordpress	wordpress	1.0
wordpress	wordpress	1.0.1
wordpress	wordpress	1.0.2
wordpress	wordpress	1.1.1
wordpress	wordpress	1.2
wordpress	wordpress	1.2.1
wordpress	wordpress	1.2.2
wordpress	wordpress	1.2.3
wordpress	wordpress	1.2.4
wordpress	wordpress	1.2.5
wordpress	wordpress	1.2.5:a
wordpress	wordpress	1.3
wordpress	wordpress	1.3.2
wordpress	wordpress	1.3.3
wordpress	wordpress	1.5
wordpress	wordpress	1.5.1
wordpress	wordpress	1.5.1.1
wordpress	wordpress	1.5.1.2
wordpress	wordpress	1.5.1.3
wordpress	wordpress	1.5.2
wordpress	wordpress	2.0
wordpress	wordpress	2.0.1
wordpress	wordpress	2.0.2
wordpress	wordpress	2.0.4
wordpress	wordpress	2.0.5
wordpress	wordpress	2.0.6
wordpress	wordpress	2.0.7
wordpress	wordpress	2.0.8
wordpress	wordpress	2.0.9
wordpress	wordpress	2.0.10
wordpress	wordpress	2.0.11
wordpress	wordpress	2.1
wordpress	wordpress	2.1.1
wordpress	wordpress	2.1.2
wordpress	wordpress	2.1.3
wordpress	wordpress	2.2
wordpress	wordpress	2.2.1
wordpress	wordpress	2.2.2
wordpress	wordpress	2.2.3
wordpress	wordpress	2.3
wordpress	wordpress	2.3.1
wordpress	wordpress	2.3.2
wordpress	wordpress	2.3.3
wordpress	wordpress	2.5
wordpress	wordpress	2.5.1
wordpress	wordpress	2.6
wordpress	wordpress	2.6.1
wordpress	wordpress	2.6.2
wordpress	wordpress	2.6.3
wordpress	wordpress	2.6.5
wordpress	wordpress	2.7
wordpress	wordpress	2.7.1
wordpress	wordpress	2.8
wordpress	wordpress	2.8.1
wordpress	wordpress	2.8.2
wordpress	wordpress	2.8.3
wordpress	wordpress	2.8.4
wordpress	wordpress	2.8.4:a
wordpress	wordpress	2.8.5
wordpress	wordpress	2.8.5.1
wordpress	wordpress	2.8.5.2
wordpress	wordpress	2.8.6
wordpress	wordpress	2.9
wordpress	wordpress	2.9.1
wordpress	wordpress	2.9.1.1
wordpress	wordpress	2.9.2
wordpress	wordpress	3.0
wordpress	wordpress	3.0.1
wordpress	wordpress	3.0.2
wordpress	wordpress	3.0.3
wordpress	wordpress	3.0.4
wordpress	wordpress	3.0.5
wordpress	wordpress	3.0.6
wordpress	wordpress	3.1
wordpress	wordpress	3.1.1
wordpress	wordpress	3.1.2
wordpress	wordpress	3.1.3
wordpress	wordpress	3.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

wordpress

bookworm	6.1.6+dfsg1-0+deb12u1 fixed
bookworm (security)	6.1.6+dfsg1-0+deb12u1 fixed
bullseye	5.7.11+dfsg1-0+deb11u1 fixed
bullseye (security)	5.7.11+dfsg1-0+deb11u1 fixed
sid	6.6.1+dfsg1-1 fixed
trixie	6.6.1+dfsg1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

wordpress

hardy	ignored
lucid	ignored
natty	ignored
oneiric	ignored
precise	ignored
quantal	not-affected
raring	not-affected
saucy	not-affected
trusty	dne
utopic	not-affected
vivid	not-affected
wily	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-264 -

References

http://core.trac.wordpress.org/changeset/20526/branches/3.3/wp-admin/plugins.php

http://osvdb.org/81462

http://secunia.com/advisories/48957

http://secunia.com/advisories/49138

http://wordpress.org/news/2012/04/wordpress-3-3-2/

http://www.debian.org/security/2012/dsa-2470

http://www.securityfocus.com/bid/53192

https://exchange.xforce.ibmcloud.com/vulnerabilities/75090

https://exchange.xforce.ibmcloud.com/vulnerabilities/75207

http://core.trac.wordpress.org/changeset/20526/branches/3.3/wp-admin/plugins.php

http://osvdb.org/81462

http://secunia.com/advisories/48957

http://secunia.com/advisories/49138

http://wordpress.org/news/2012/04/wordpress-3-3-2/

http://www.debian.org/security/2012/dsa-2470

http://www.securityfocus.com/bid/53192

https://exchange.xforce.ibmcloud.com/vulnerabilities/75090

https://exchange.xforce.ibmcloud.com/vulnerabilities/75207