Wordpress Mu Security Vulnerabilities and Issues — Wordpress Mu CVE List

WordpressWordpress Mu

10 matches found

CVE•added 2008/12/19 6:0 p.m.•186 views

CVE-2008-5695

CVE-2008-5695 affects WordPress MU pre-1.3.2 and WordPress pre-2.3.2, where wp-admin/options.php fails to properly validate option update requests. This allows remote authenticated users with manage_options and upload_files to execute arbitrary code by uploading a PHP script and adding its pathna...

8.5CVSS7.2AI score0.16371EPSS

Web

CVE•added 2009/07/10 8:25 p.m.•106 views

CVE-2009-2334

Technical details about CVE-2009-2334 (affected WordPress plugins/config exposure, root cause, affected versions, exploitability) are not publicly provided in the connected documents. Monitor for updates.

4.9CVSS6.1AI score0.12303EPSS

Web

CVE•added 2009/07/10 8:25 p.m.•95 views

CVE-2009-2335

CVE-2009-2335 affects WordPress and WordPress MU prior to 2.8.1, where a failed login behaves differently depending on whether the user account exists, enabling remote enumeration of valid usernames. The vendor reportedly disputes the significance of the issue, calling the behavior for user conve...

5CVSS6.4AI score0.85338EPSS

CVE•added 2009/03/20 12:0 a.m.•76 views

CVE-2009-1030

Technical details about CVE-2009-1030 are not provided in the attached documents. Monitor for updates from vendors and security advisories.

4.3CVSS5.5AI score0.02276EPSS

CVE•added 2009/07/10 8:25 p.m.•62 views

CVE-2009-2336

CVE-2009-2336 affects WordPress and WordPress MU prior to 2.8.1, where the password reset/request behavior differs based on account existence, enabling remote username enumeration. The issue has a CVSS 2.0 base score of 5.0 (Network, Low attack complexity, No authentication). The vendor reportedl...

5CVSS6.6AI score0.02303EPSS

CVE•added 2009/07/10 8:25 p.m.•61 views

CVE-2009-2432

CVE-2009-2432 affects WordPress and WordPress MU prior to 2.8.1. The flaw allows remote attackers to disclose the installation path via a direct request to wp-settings.php, resulting in exposure of server filesystem information. This is an information-disclosure vulnerability with no documented e...

5CVSS6.1AI score0.01072EPSS

CVE•added 2007/07/03 8:0 p.m.•56 views

CVE-2007-3543

CVE-2007-3543 involves an Unrestricted file upload vulnerability in WordPress up to version 2.2.1 and WordPress MU up to 1.2.3. The flaw allows a remote authenticated user to upload and execute arbitrary PHP code by creating a post with a .php filename in the _wp_attached_file metadata field and ...

6CVSS7AI score0.01689EPSS

CVE•added 2008/10/22 10:0 a.m.•47 views

CVE-2008-4671

WordPress MU (WPMU)

4.3CVSS5.6AI score0.00813EPSS

Web

CVE•added 2007/07/03 8:0 p.m.•46 views

CVE-2007-3544

CVE-2007-3544 describes an unrestricted file upload in WordPress 2.2.1 and WordPress MU 1.2.3 affecting (1) wp-app.php and (2) app.php. The issue allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, with possible linkage to the wp_postmeta table and ...

6.5CVSS7.3AI score0.01689EPSS

CVE•added 2007/08/27 11:0 p.m.•46 views

CVE-2007-4544

CVE-2007-4544 is a cross-site scripting (XSS) vulnerability affecting WordPress MU (multi-user)

4.3CVSS5.8AI score0.00153EPSS