wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wordpress | Wordpress | * | 2.7.1 (including) |
| Wordpress | Wordpress | 0.6.2 (including) | 0.6.2 (including) |
| Wordpress | Wordpress | 0.6.2-beta_2 (including) | 0.6.2-beta_2 (including) |
| Wordpress | Wordpress | 0.6.2.1 (including) | 0.6.2.1 (including) |
| Wordpress | Wordpress | 0.6.2.1-beta_2 (including) | 0.6.2.1-beta_2 (including) |
| Wordpress | Wordpress | 0.7 (including) | 0.7 (including) |
| Wordpress | Wordpress | 0.71 (including) | 0.71 (including) |
| Wordpress | Wordpress | 0.71-gold (including) | 0.71-gold (including) |
| Wordpress | Wordpress | 0.72 (including) | 0.72 (including) |
| Wordpress | Wordpress | 0.72-beta1 (including) | 0.72-beta1 (including) |
| Wordpress | Wordpress | 0.72-beta2 (including) | 0.72-beta2 (including) |
| Wordpress | Wordpress | 0.72-rc1 (including) | 0.72-rc1 (including) |
| Wordpress | Wordpress | 0.711 (including) | 0.711 (including) |
| Wordpress | Wordpress | 1.0 (including) | 1.0 (including) |
| Wordpress | Wordpress | 1.0-rc1 (including) | 1.0-rc1 (including) |
| Wordpress | Wordpress | 1.0-rc2 (including) | 1.0-rc2 (including) |
| Wordpress | Wordpress | 1.0-rc3 (including) | 1.0-rc3 (including) |
| Wordpress | Wordpress | 1.0-rc4 (including) | 1.0-rc4 (including) |
| Wordpress | Wordpress | 1.0-platinum (including) | 1.0-platinum (including) |
| Wordpress | Wordpress | 1.0.1 (including) | 1.0.1 (including) |
| Wordpress | Wordpress | 1.0.1-miles (including) | 1.0.1-miles (including) |
| Wordpress | Wordpress | 1.0.2 (including) | 1.0.2 (including) |
| Wordpress | Wordpress | 1.0.2-blakey (including) | 1.0.2-blakey (including) |
| Wordpress | Wordpress | 1.2 (including) | 1.2 (including) |
| Wordpress | Wordpress | 1.2-beta (including) | 1.2-beta (including) |
| Wordpress | Wordpress | 1.2-delta (including) | 1.2-delta (including) |
| Wordpress | Wordpress | 1.2-mingus (including) | 1.2-mingus (including) |
| Wordpress | Wordpress | 1.2.1 (including) | 1.2.1 (including) |
| Wordpress | Wordpress | 1.2.2 (including) | 1.2.2 (including) |
| Wordpress | Wordpress | 1.3.1 (including) | 1.3.1 (including) |
| Wordpress | Wordpress | 1.4 (including) | 1.4 (including) |
| Wordpress | Wordpress | 1.5 (including) | 1.5 (including) |
| Wordpress | Wordpress | 1.5-strayhorn (including) | 1.5-strayhorn (including) |
| Wordpress | Wordpress | 1.5.1 (including) | 1.5.1 (including) |
| Wordpress | Wordpress | 1.5.1.1 (including) | 1.5.1.1 (including) |
| Wordpress | Wordpress | 1.5.1.2 (including) | 1.5.1.2 (including) |
| Wordpress | Wordpress | 1.5.1.3 (including) | 1.5.1.3 (including) |
| Wordpress | Wordpress | 1.5.2 (including) | 1.5.2 (including) |
| Wordpress | Wordpress | 1.6 (including) | 1.6 (including) |
| Wordpress | Wordpress | 2.0 (including) | 2.0 (including) |
| Wordpress | Wordpress | 2.0.1 (including) | 2.0.1 (including) |
| Wordpress | Wordpress | 2.0.2 (including) | 2.0.2 (including) |
| Wordpress | Wordpress | 2.0.3 (including) | 2.0.3 (including) |
| Wordpress | Wordpress | 2.0.4 (including) | 2.0.4 (including) |
| Wordpress | Wordpress | 2.0.5 (including) | 2.0.5 (including) |
| Wordpress | Wordpress | 2.0.6 (including) | 2.0.6 (including) |
| Wordpress | Wordpress | 2.0.7 (including) | 2.0.7 (including) |
| Wordpress | Wordpress | 2.0.8 (including) | 2.0.8 (including) |
| Wordpress | Wordpress | 2.0.9 (including) | 2.0.9 (including) |
| Wordpress | Wordpress | 2.0.10 (including) | 2.0.10 (including) |
| Wordpress | Wordpress | 2.0.10_rc1 (including) | 2.0.10_rc1 (including) |
| Wordpress | Wordpress | 2.0.10_rc2 (including) | 2.0.10_rc2 (including) |
| Wordpress | Wordpress | 2.0.11 (including) | 2.0.11 (including) |
| Wordpress | Wordpress | 2.1 (including) | 2.1 (including) |
| Wordpress | Wordpress | 2.1-alpha_3 (including) | 2.1-alpha_3 (including) |
| Wordpress | Wordpress | 2.1.1 (including) | 2.1.1 (including) |
| Wordpress | Wordpress | 2.1.2 (including) | 2.1.2 (including) |
| Wordpress | Wordpress | 2.1.3 (including) | 2.1.3 (including) |
| Wordpress | Wordpress | 2.1.3_rc1 (including) | 2.1.3_rc1 (including) |
| Wordpress | Wordpress | 2.1.3_rc2 (including) | 2.1.3_rc2 (including) |
| Wordpress | Wordpress | 2.2 (including) | 2.2 (including) |
| Wordpress | Wordpress | 2.2.0 (including) | 2.2.0 (including) |
| Wordpress | Wordpress | 2.2.1 (including) | 2.2.1 (including) |
| Wordpress | Wordpress | 2.2.2 (including) | 2.2.2 (including) |
| Wordpress | Wordpress | 2.2.3 (including) | 2.2.3 (including) |
| Wordpress | Wordpress | 2.2_revision5002 (including) | 2.2_revision5002 (including) |
| Wordpress | Wordpress | 2.2_revision5003 (including) | 2.2_revision5003 (including) |
| Wordpress | Wordpress | 2.3 (including) | 2.3 (including) |
| Wordpress | Wordpress | 2.3-beta3 (including) | 2.3-beta3 (including) |
| Wordpress | Wordpress | 2.3-rc1 (including) | 2.3-rc1 (including) |
| Wordpress | Wordpress | 2.3.1 (including) | 2.3.1 (including) |
| Wordpress | Wordpress | 2.3.1-rc1 (including) | 2.3.1-rc1 (including) |
| Wordpress | Wordpress | 2.3.2 (including) | 2.3.2 (including) |
| Wordpress | Wordpress | 2.3.3 (including) | 2.3.3 (including) |
| Wordpress | Wordpress | 2.5 (including) | 2.5 (including) |
| Wordpress | Wordpress | 2.5.1 (including) | 2.5.1 (including) |
| Wordpress | Wordpress | 2.6 (including) | 2.6 (including) |
| Wordpress | Wordpress | 2.6.1 (including) | 2.6.1 (including) |
| Wordpress | Wordpress | 2.6.3 (including) | 2.6.3 (including) |
| Wordpress | Wordpress | 2.6.5 (including) | 2.6.5 (including) |
| Wordpress_mu | Wordpress | * | 2.7 (including) |
| Wordpress_mu | Wordpress | 1.1 (including) | 1.1 (including) |
| Wordpress_mu | Wordpress | 1.1.1 (including) | 1.1.1 (including) |
| Wordpress_mu | Wordpress | 1.2 (including) | 1.2 (including) |
| Wordpress_mu | Wordpress | 1.2.1 (including) | 1.2.1 (including) |
| Wordpress_mu | Wordpress | 1.2.2 (including) | 1.2.2 (including) |
| Wordpress_mu | Wordpress | 1.2.3 (including) | 1.2.3 (including) |
| Wordpress_mu | Wordpress | 1.2.4 (including) | 1.2.4 (including) |
| Wordpress_mu | Wordpress | 1.2.4-rc1 (including) | 1.2.4-rc1 (including) |
| Wordpress_mu | Wordpress | 1.2.5a (including) | 1.2.5a (including) |
| Wordpress_mu | Wordpress | 1.3 (including) | 1.3 (including) |
| Wordpress_mu | Wordpress | 1.3.1 (including) | 1.3.1 (including) |
| Wordpress_mu | Wordpress | 1.3.2 (including) | 1.3.2 (including) |
| Wordpress_mu | Wordpress | 1.3.3 (including) | 1.3.3 (including) |
| Wordpress_mu | Wordpress | 1.5-rc1 (including) | 1.5-rc1 (including) |
| Wordpress_mu | Wordpress | 1.5.1 (including) | 1.5.1 (including) |
| Wordpress_mu | Wordpress | 2.6 (including) | 2.6 (including) |
| Wordpress_mu | Wordpress | 2.6.1 (including) | 2.6.1 (including) |
| Wordpress_mu | Wordpress | 2.6.2 (including) | 2.6.2 (including) |
| Wordpress_mu | Wordpress | 2.6.3 (including) | 2.6.3 (including) |
| Wordpress_mu | Wordpress | 2.6.5 (including) | 2.6.5 (including) |