CVE-2008-6767

WordPress - Unauthenticated Application Upgrade via wp-admin/upgrade.php

Title source: llm
STIX 2.1

Description

wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50384
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1871
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html

Scores

EPSS 0.0074
EPSS Percentile 73.1%

Details

Status published
Products (1)
wordpress/wordpress 2.6
Published Apr 28, 2009
Tracked Since Feb 18, 2026