CVE-2008-3747 — Wordpress vulnerability

CWE-2646 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.4%

top 19.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedAug 27

Latest updateMay 2

Description

The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.5.1-6 (bookworm)

▶Debianwordpress/wordpress< 2.5.1-6+3

▶NVDwordpress/wordpress38 versions+37

Patches

Patch: trac.wordpress.org ↗Patch: trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-f6wq-25v5-wmh5: The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template↗2022-05-02

▶

OSV

CVE-2008-3747: The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template↗2008-08-27

▶

📋Vendor Advisories

Debian

CVE-2008-3747: wordpress - The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-include...↗2008

▶

Red Hat

wordpress: insufficient SSL communication enforcement↗

▶

💬Community

Bugzilla

CVE-2008-3747 wordpress: insufficient SSL communication enforcement↗2008-08-28

▶