CVE-2009-2851

WordPress < 2.8.2 - Cross-Site Scripting via Comment Author URL


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2851. PoCs published by superfreakaz0rz.

AI-analyzed exploit summary

This exploit targets a stored XSS vulnerability in WordPress (CVE-2009-2851) by injecting malicious JavaScript into the comment URL field. The payload triggers when an admin mouses over the comment author's name, executing arbitrary JavaScript in the context of the admin session.

Description

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.

Exploits (1)

exploitdb · Working PoC · Verified
by superfreakaz0rz · bash, webapps, php
https://www.exploit-db.com/exploits/9250

Classification
Working PoC: 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress (versions prior to 2.8.2)
Authentication: none needed
Prerequisites: Target WordPress site with comment functionality enabled · Admin interaction (mouse-over) required for payload execution
Analysis: devstral-2 · analyzed Feb 16, 2026

References (8)

Core References (8)

Mailing List, Third Party Advisory (oss-security)
http://www.openwall.com/lists/oss-security/2009/07/21/1

Mailing List, Third Party Advisory (Fedora vendor advisory)
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01253.html

Third Party Advisory (Debian vendor advisory)
http://www.debian.org/security/2009/dsa-1871

Patch, Vendor Advisory (WordPress 2.8.2 release)
http://wordpress.org/development/2009/07/wordpress-2-8-2/

Mailing List, Third Party Advisory (Fedora vendor advisory)
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01241.html

Third Party Advisory, VDB Entry (SecurityTracker)
http://securitytracker.com/id?1022589

Issue Tracking, Third Party Advisory (Gentoo bug)
http://bugs.gentoo.org/show_bug.cgi?id=278492

Issue Tracking, Third Party Advisory (Red Hat Bugzilla)
https://bugzilla.redhat.com/show_bug.cgi?id=512900

Scores

EPSS: 0.0790
EPSS Percentile: 94.0%

Details

CWE: CWE-79
Status: published
Products (1): wordpress/wordpress < 2.8.1
Published: Aug 18, 2009
Tracked Since: Feb 18, 2026