Info

Disclosure

Jul 08, 2009

Discovery

Unknown

Dates

Exploit

Jul 08, 2009

Solution

Jul 07, 2009

Description

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 2.8.1 RC1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Security Tracker: 1022528
CVE ID: 2009-2432 (see also: NVD)
Related OSVDB ID: 55713 55714 55715 55716
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2009-07/0044.html
Other Advisory URL: http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=WordPress_Privileges_Unchecked
http://www.vupen.com/english/advisories/2009/1833

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/55717