CVE-2009-2853

WordPress < 2.8.3 - Unauthenticated Privilege Escalation via Direct Admin Script Access

Title source: llm
STIX 2.1

Description

Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.

References (5)

Core 5
Core References
Exploit, Vendor Advisory x_refsource_confirm
http://core.trac.wordpress.org/changeset/11768
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/08/04/5
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1871
Exploit, Vendor Advisory x_refsource_confirm
http://core.trac.wordpress.org/changeset/11769

Scores

EPSS 0.0120
EPSS Percentile 79.1%

Details

CWE
CWE-264
Status published
Products (38)
wordpress/wordpress 0.71 (3 CPE variants)
wordpress/wordpress 0.72 (4 CPE variants)
wordpress/wordpress 0.711
wordpress/wordpress 1.0
wordpress/wordpress 1.0.1 miles (2 CPE variants)
wordpress/wordpress 1.2 (3 CPE variants)
wordpress/wordpress 1.2.1
wordpress/wordpress 1.2.2
wordpress/wordpress 1.5
wordpress/wordpress 1.5.1
... and 28 more
Published Aug 18, 2009
Tracked Since Feb 18, 2026