CVE-2009-2334

WordPress < 2.8.1 - Missing Privilege Check on Plugin Configuration Pages in wp-admin/admin.php (Information Disclosure by Low-Privileged Users)


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2334. PoCs published by Core Security.

AI-analyzed exploit summary: This advisory details multiple vulnerabilities in WordPress, including privilege escalation via unchecked access to plugin configuration pages and information disclosure. It provides technical analysis of the root cause and proof-of-concept URLs demonstrating the flaws.

Description

wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
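The description above gives the request shape to look for on a WordPress 2.8 / MU 2.7.1 site: wp-admin/admin.php with a page parameter naming a plugin file (readme.txt, options.txt, a helper .php) instead of a registered admin page. The following log-scanning script is an added example, not part of the advisory, the EIP page or WordPress itself. The registered-page set, the classification heuristics and the sample access-log lines are constructed for this example; on a real site the registry would be built from the installed plugins' menu registrations.

```python
"""Flag access-log requests that match the CVE-2009-2334 pattern.

The vulnerable dispatcher is wp-admin/admin.php: a logged-in user could pass a
plugin file path in ?page= and have it served without an admin capability check.
Requests whose page value names a plugin file rather than a registered admin page
are therefore worth a second look on an unpatched site.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Admin page slugs the site's plugins register through the admin-menu API.
# Constructed for this example; on a real site, derive it from the installed plugins.
REGISTERED_PAGES = {
    "akismet-key-config",
    "collapsing-archives/collapsing-archives.php",
}

# File extensions no legitimate plugin admin page would be served from.
NON_PHP_EXT = re.compile(r"\.(txt|md|html?|ini|log|sql|bak)$", re.IGNORECASE)


def page_param(target):
    """Return the decoded ?page= value for a wp-admin/admin.php request, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return None
    values = parse_qs(parts.query).get("page")  # parse_qs already percent-decodes
    return values[0] if values else None


def classify(page, registered=REGISTERED_PAGES):
    """Return the reasons a page value looks abusive; an empty list means benign."""
    if page in registered:
        return []
    reasons = []
    # Generic hardening signal, independent of this CVE: the value escapes the plugin dir.
    if ".." in page.split("/") or page.startswith("/") or "\\" in page:
        reasons.append("path-traversal")
    if NON_PHP_EXT.search(page):
        reasons.append("non-php-file")              # e.g. akismet/readme.txt
    elif "/" in page or page.lower().endswith(".php"):
        reasons.append("unregistered-plugin-file")  # e.g. wp-ids/ids-admin.php
    else:
        reasons.append("unregistered-slug")
    return reasons


def scan(lines, registered=REGISTERED_PAGES):
    """Return (client, timestamp, page, reasons) for every flagged request in the log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        page = page_param(m.group("target"))
        if page is None:
            continue
        reasons = classify(page, registered)
        if reasons:
            hits.append((m.group("client"), m.group("ts"), page, reasons))
    return hits


# Constructed sample log: one legitimate plugin page hit, three probes using the
# file paths from the CVE description, and one unrelated admin request.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jul/2009:11:02:13 +0000] "GET /wp-admin/admin.php?page=akismet-key-config HTTP/1.1" 200 5123',
    '203.0.113.9 - - [10/Jul/2009:11:05:41 +0000] "GET /wp-admin/admin.php?page=akismet/readme.txt HTTP/1.1" 200 2211',
    '203.0.113.9 - - [10/Jul/2009:11:05:58 +0000] "GET /wp-admin/admin.php?page=collapsing-archives%2Foptions.txt HTTP/1.1" 200 811',
    '203.0.113.9 - - [10/Jul/2009:11:06:30 +0000] "GET /wp-admin/admin.php?page=wp-ids/ids-admin.php HTTP/1.1" 200 3120',
    '192.0.2.4 - - [10/Jul/2009:11:08:00 +0000] "GET /wp-admin/plugins.php HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for client, ts, page, reasons in scan(SAMPLE_LOG):
        print(f"{ts} {client} page={page!r} reasons={','.join(reasons)}")
```

Run as-is it prints the three probes from 203.0.113.9 and ignores the registered page and the unrelated request. The useful signal is the page value, not the status code: on a pre-2.8.1 site a 200 on one of these requests means the named plugin file was served to that logged-in account, so the account and the file contents (configuration, keys) are the things to review.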

Exploits (1)

exploit-db writeup (verified) by Core Security · tags: text, webapps, php
https://www.exploit-db.com/exploits/9110


Classification
Type: Writeup (100%)
Attack Type: Auth Bypass, Info Leak, XSS
Complexity: Moderate
Reliability: Reliable
Target: WordPress 2.8 and previous, WordPress MU 2.7.1 and previous
Auth required: yes
Prerequisites: Access to a WordPress instance with vulnerable version · Subscriber-level account or higher
Analyzed by devstral-2 on Feb 18, 2026

References (14)

Vendor Advisory (Fedora): https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html
Vendor Advisory (WordPress 2.8.1 release notes): http://wordpress.org/development/2009/07/wordpress-2-8-1/
Third Party Advisory, VDB Entry (Bugtraq mailing list): http://www.securityfocus.com/archive/1/504795/100/0/threaded
Third Party Advisory, VDB Entry (SecurityTracker): http://securitytracker.com/id?1022528
Vendor Advisory (Fedora): https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html
Patch, Vendor Advisory (VUPEN): http://www.vupen.com/english/advisories/2009/1833
Third Party Advisory (Debian DSA-1871): http://www.debian.org/security/2009/dsa-1871
Exploit, Patch (OSVDB 55712): http://www.osvdb.org/55712
Exploit, Patch (Bugtraq ID 35584): http://www.securityfocus.com/bid/35584
Patch (OSVDB 55715): http://www.osvdb.org/55715
Exploit, Third Party Advisory (Exploit-DB 9110): http://www.exploit-db.com/exploits/9110

Scores

EPSS score: 0.0626 (estimated 6.26% probability of exploitation activity in the next 30 days)
EPSS percentile: 92.7%

Details

CWE: CWE-287 (Improper Authentication)
Status: published
Products (40)
wordpress/wordpress 0.6.2 (2 CPE variants)
wordpress/wordpress 0.6.2.1 (2 CPE variants)
wordpress/wordpress 0.7
wordpress/wordpress 0.71
wordpress/wordpress 0.71-gold
wordpress/wordpress 0.72 (4 CPE variants)
wordpress/wordpress 0.711
wordpress/wordpress 1.0 (5 CPE variants)
wordpress/wordpress 1.0-platinum
wordpress/wordpress 1.0.1
... and 30 more
Published Jul 10, 2009
Tracked Since Feb 18, 2026