CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
99.7%
The remote host is running a version of WordPress earlier than 2.8.1. Such versions are reportedly affected by multiple vulnerabilities :
A username enumeration weakness caused by the application displaying different responses to login requests depending on the existence of the supplied username. (CVE-2009-2334)
A security-bypass vulnerability in the โwp-admin/admin.phpโ script when it is called with the โpagesโ parameter set to a plug-in configuration page. An authenticated attacker could exploit this to gain access to configuration scripts. (CVE-2009-2335)
Binary data 5096.prm