CVE-2009-2853 — Wordpress vulnerability

CWE-2644 documents4 sources

Severity

10.0CRITICALNVD

EPSS

1.2%

top 21.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedAug 18

Latest updateMay 2

Description

Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.8.3-1 (bookworm)

▶Debianwordpress/wordpress< 2.8.3-1+3

▶NVDwordpress/wordpress45 versions+44

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-gpxx-3842-mjw3: Wordpress before 2↗2022-05-02

▶

OSV

CVE-2009-2853: Wordpress before 2↗2009-08-18

▶

📋Vendor Advisories

Debian

CVE-2009-2853: wordpress - Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct r...↗2009

▶