CVE-2008-3747
WordPress - Unauthenticated Administrative Access via SSL Bypass in Edit Post/Comment Links
Title source: llmDescription
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
References (5)
Core 5
Core References
Patch x_refsource_confirm
http://trac.wordpress.org/ticket/7359
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/08/20/3
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44569
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30750
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/08/19/1
Scores
EPSS
0.0144
EPSS Percentile
80.9%
Details
CWE
CWE-264
Status
published
Products (38)
wordpress/wordpress
0.6.2
wordpress/wordpress
0.6.2.1
wordpress/wordpress
0.7
wordpress/wordpress
0.71
wordpress/wordpress
0.72 (4 CPE variants)
wordpress/wordpress
0.711
wordpress/wordpress
1.0
wordpress/wordpress
1.0.1
wordpress/wordpress
1.2 (2 CPE variants)
wordpress/wordpress
1.2.1
... and 28 more
Published
Aug 27, 2008
Tracked Since
Feb 18, 2026