Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
WordPress Privileges Unchecked in admin.php and Multiple Information
Disclosures
1. *Advisory Information*
Title: WordPress Privileges Unchecked in admin.php and Multiple
Information Disclosures
Advisory ID: CORE-2009-0515
Advisory URL:
http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
Date published: 2009-07-08
Date of last update: 2009-07-08
Vendors contacted: WordPress
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Local file include, Privileges unchecked, Cross site scripting
(XSS), Information disclosure
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 35581, 35584
CVE Name: CVE-2009-2334, CVE-2009-2335, CVE-2009-2336
3. *Vulnerability Description*
WordPress is a web application written i
...
Read more »