GLSA-200608-19 (Gentoo Foundation)

WordPress: Privilege escalation

2006-08-10 00:00:00
Gentoo Foundation
security.gentoo.org

CVSS2: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.017 Low
Percentile: 87.7%

Background

WordPress is a PHP and MySQL based multiuser blogging system.

Description

The WordPress developers have confirmed a vulnerability in capability checking for plugins.

Impact

By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact depends on the configuration of WordPress and may range from trivial to critical, possibly even the execution of arbitrary PHP code.

Workaround

There is no known workaround at this time.

Resolution

All WordPress users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.4"

OS      Version  Architecture  Package             Version  Filename
Gentoo  any      all           www-apps/wordpress  < 2.0.4  UNKNOWN
