Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wordpress | Wordpress | 0.71 (including) | 0.71 (including) |
| Wordpress | Wordpress | 0.71-beta (including) | 0.71-beta (including) |
| Wordpress | Wordpress | 0.71-beta_3 (including) | 0.71-beta_3 (including) |
| Wordpress | Wordpress | 0.72 (including) | 0.72 (including) |
| Wordpress | Wordpress | 0.72-beta_1 (including) | 0.72-beta_1 (including) |
| Wordpress | Wordpress | 0.72-beta_2 (including) | 0.72-beta_2 (including) |
| Wordpress | Wordpress | 0.72-rc1 (including) | 0.72-rc1 (including) |
| Wordpress | Wordpress | 0.711 (including) | 0.711 (including) |
| Wordpress | Wordpress | 1.0 (including) | 1.0 (including) |
| Wordpress | Wordpress | 1.0.1-miles (including) | 1.0.1-miles (including) |
| Wordpress | Wordpress | 1.0.1-rc1 (including) | 1.0.1-rc1 (including) |
| Wordpress | Wordpress | 1.2 (including) | 1.2 (including) |
| Wordpress | Wordpress | 1.2-beta (including) | 1.2-beta (including) |
| Wordpress | Wordpress | 1.2-rc1 (including) | 1.2-rc1 (including) |
| Wordpress | Wordpress | 1.2.1 (including) | 1.2.1 (including) |
| Wordpress | Wordpress | 1.2.2 (including) | 1.2.2 (including) |
| Wordpress | Wordpress | 1.5 (including) | 1.5 (including) |
| Wordpress | Wordpress | 1.5.1 (including) | 1.5.1 (including) |
| Wordpress | Wordpress | 1.5.1.3 (including) | 1.5.1.3 (including) |
| Wordpress | Wordpress | 1.5.2 (including) | 1.5.2 (including) |
| Wordpress | Wordpress | 2.0 (including) | 2.0 (including) |
| Wordpress | Wordpress | 2.0.1 (including) | 2.0.1 (including) |
| Wordpress | Wordpress | 2.0.2 (including) | 2.0.2 (including) |
| Wordpress | Wordpress | 2.0.3 (including) | 2.0.3 (including) |
| Wordpress | Wordpress | 2.0.4 (including) | 2.0.4 (including) |
| Wordpress | Wordpress | 2.0.5-ronan (including) | 2.0.5-ronan (including) |
| Wordpress | Wordpress | 2.0.6 (including) | 2.0.6 (including) |
| Wordpress | Wordpress | 2.0.7 (including) | 2.0.7 (including) |
| Wordpress | Wordpress | 2.0.9 (including) | 2.0.9 (including) |
| Wordpress | Wordpress | 2.0.10 (including) | 2.0.10 (including) |
| Wordpress | Wordpress | 2.0.11 (including) | 2.0.11 (including) |
| Wordpress | Wordpress | 2.1-ella (including) | 2.1-ella (including) |
| Wordpress | Wordpress | 2.1.1 (including) | 2.1.1 (including) |
| Wordpress | Wordpress | 2.1.1-dangerous (including) | 2.1.1-dangerous (including) |
| Wordpress | Wordpress | 2.1.2 (including) | 2.1.2 (including) |
| Wordpress | Wordpress | 2.1.3 (including) | 2.1.3 (including) |
| Wordpress | Wordpress | 2.2 (including) | 2.2 (including) |
| Wordpress | Wordpress | 2.2.1 (including) | 2.2.1 (including) |
| Wordpress | Wordpress | 2.2.2 (including) | 2.2.2 (including) |
| Wordpress | Wordpress | 2.2.3 (including) | 2.2.3 (including) |
| Wordpress | Wordpress | 2.3 (including) | 2.3 (including) |
| Wordpress | Wordpress | 2.3-beta3 (including) | 2.3-beta3 (including) |
| Wordpress | Wordpress | 2.3-rc1 (including) | 2.3-rc1 (including) |
| Wordpress | Wordpress | 2.3.1 (including) | 2.3.1 (including) |
| Wordpress | Wordpress | 2.3.1-rc1 (including) | 2.3.1-rc1 (including) |
| Wordpress | Wordpress | 2.3.2 (including) | 2.3.2 (including) |
| Wordpress | Wordpress | 2.5 (including) | 2.5 (including) |
| Wordpress | Wordpress | 2.5.1 (including) | 2.5.1 (including) |
| Wordpress | Wordpress | 2.6 (including) | 2.6 (including) |
| Wordpress | Wordpress | 2.6.1 (including) | 2.6.1 (including) |
| Wordpress | Wordpress | 2.6.2 (including) | 2.6.2 (including) |
| Wordpress | Wordpress | 2.6.3 (including) | 2.6.3 (including) |
| Wordpress | Wordpress | 2.7-coltrane (including) | 2.7-coltrane (including) |
| Wordpress | Wordpress | 2.7.1 (including) | 2.7.1 (including) |
| Wordpress | Wordpress | 2.8 (including) | 2.8 (including) |
| Wordpress | Wordpress | 2.8.1 (including) | 2.8.1 (including) |
| Wordpress | Wordpress | 2.8.2 (including) | 2.8.2 (including) |
| Wordpress | Ubuntu | dapper | * |
| Wordpress | Ubuntu | hardy | * |
| Wordpress | Ubuntu | intrepid | * |
| Wordpress | Ubuntu | jaunty | * |
| Wordpress | Ubuntu | upstream | * |
References
- http://core.trac.wordpress.org/changeset/11768
- http://core.trac.wordpress.org/changeset/11769
- http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/
- http://www.debian.org/security/2009/dsa-1871
- http://www.openwall.com/lists/oss-security/2009/08/04/5
- http://core.trac.wordpress.org/changeset/11768
- http://core.trac.wordpress.org/changeset/11769
- http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/
- http://www.debian.org/security/2009/dsa-1871
- http://www.openwall.com/lists/oss-security/2009/08/04/5