CVE-2008-0664
WordPress < 2.3.3 - Unauthenticated Post Editing via XML-RPC
Title source: llmDescription
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
References (12)
Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019316
Patch x_refsource_confirm
http://wordpress.org/development/2008/02/wordpress-233/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28823
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28920
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0448
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00416.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00349.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=431547
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30960
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1601
Various Sources x_refsource_misc
http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27669
Scores
EPSS
0.0726
EPSS Percentile
91.7%
Details
CWE
CWE-264
Status
published
Products (38)
wordpress/wordpress
0.7
wordpress/wordpress
0.71
wordpress/wordpress
1.2
wordpress/wordpress
1.2.1
wordpress/wordpress
1.2.2
wordpress/wordpress
1.3.1
wordpress/wordpress
1.5
wordpress/wordpress
1.5.1
wordpress/wordpress
1.5.1.2
wordpress/wordpress
1.5.1.3
... and 28 more
Published
Feb 08, 2008
Tracked Since
Feb 18, 2026