CVE-2008-5695
WordPress <2.3.2 - Authenticated RCE
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Alexander Concha · php · webapps · php
https://www.exploit-db.com/exploits/5066
References (7)
Scores
EPSS: 0.1637
EPSS Percentile: 94.9%
Details
CWE: CWE-20
Status: published
Products (2)
wordpress/wordpress: < 2.3.2
wordpress/wordpress_mu: < 1.3.2
Published: Dec 19, 2008
Tracked Since: Feb 18, 2026