Description
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gerendi Sandor Attila · textwebappsphp
https://www.exploit-db.com/exploits/31670
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41920
Product x_refsource_misc
http://trac.wordpress.org/changeset/7586
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28845
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1871
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29949
Various Sources x_refsource_misc
http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html
Scores
EPSS
0.1766
EPSS Percentile
95.1%
Details
CWE
CWE-22
Status
published
Products (43)
wordpress/wordpress
0.6.2 (2 CPE variants)
wordpress/wordpress
0.6.2.1 (2 CPE variants)
wordpress/wordpress
0.7
wordpress/wordpress
0.71
wordpress/wordpress
0.71-gold
wordpress/wordpress
0.72 (4 CPE variants)
wordpress/wordpress
0.711
wordpress/wordpress
1.0
wordpress/wordpress
1.0-platinum
wordpress/wordpress
1.0.1
... and 33 more
Published
Oct 28, 2008
Tracked Since
Feb 18, 2026