CVE-2005-2612

WordPress <1.5.1.3 - Code Injection

Title source: llm

Description

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/16895

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_lastpost_exec.rb

View Code ZIP pw:eip

References (2)

[Exploit] http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0234.html

[Vendor Advisory] http://secunia.com/advisories/16386

Scores

EPSS 0.7342

EPSS Percentile 98.8%

Details

Status published

Products (8)

wordpress/wordpress 1.0

wordpress/wordpress 1.0.1

wordpress/wordpress 1.0.2

wordpress/wordpress 1.2

wordpress/wordpress 1.5

wordpress/wordpress 1.5.1

wordpress/wordpress 1.5.1.2

wordpress/wordpress 1.5.1.3

Published Aug 17, 2005

Tracked Since Feb 18, 2026