Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
patchstackTrustwave's SpiderLabsPATCHSTACK:6B1AE1C839806F5D9AD625AB509D80FE
HistoryJan 25, 2012 - 12:00 a.m.

WordPress <= 3.3.1 - Multiple Vulnerabilities

2012-01-2500:00:00
Trustwave's SpiderLabs
patchstack.com
9

0.005 Low

EPSS

Percentile

76.9%

JSON

WordPress version 3.3.1 is prone to PHP code execution and persistent cross-site scripting vulnerabilities via “setup-config.php” page. The attackers can host their own MySQL database server and then successfully complete the WordPress installation without having any valid credentials on the target system. After that they can inject malicious PHP code through the WordPress Themes editor.
Also, there are multiple cross-site scripting vulnerabilities in “setup-config.php” page. An attacker can supply Javascript within the “dbname”, “dbhost” or “uname” parameters.
Password disclosure vulnerability via “setup-config.php” page has been discovered in WordPress 3.3.1. It allows an attacker to omit the “dbname” parameter, that lets them continually bruteforce MySQL instance usernames and passwords. It includes any local or remote MySQL instances which are accessible to the
target web server.

Solution

           Update WordPress.
CPENameOperatorVersion
wordpressle3.3.1

Related

prion 2
cvelist 2
debiancve 2
nvd 2
cve 2
ubuntucve 2
seebug 2
securityvulns 1
packetstorm 1
openvas 1
exploitpack 1
exploitdb 1
nessus 1
prion
prion
Design/Logic Flaw
2012-01-30 17:55:00
Design/Logic Flaw
2012-01-30 17:55:00
cvelist
cvelist
CVE-2011-4898
2022-10-03 16:15:14
CVE-2012-0937
2022-10-03 16:15:38
debiancve
debiancve
CVE-2011-4898
2022-10-03 16:15:14
CVE-2012-0937
2022-10-03 16:15:38
nvd
nvd
CVE-2011-4898
2012-01-30 17:55:00
CVE-2012-0937
2012-01-30 17:55:01
cve
cve
CVE-2011-4898
2022-10-03 16:15:14
CVE-2012-0937
2022-10-03 16:15:38
ubuntucve
ubuntucve
CVE-2011-4898
2012-01-30 00:00:00
CVE-2012-0937
2012-01-30 00:00:00
seebug
seebug
wordpress <= 3.3.1 - Multiple Vulnerabilities
2014-07-01 00:00:00
WordPress 3.3.1 Code Execution / Cross Site Scripting
2012-01-25 00:00:00
securityvulns
securityvulns
TWSL2012-002: Multiple Vulnerabilities in WordPress
2012-02-13 00:00:00
packetstorm
packetstorm
WordPress 3.3.1 Code Execution / Cross Site Scripting
2012-01-25 00:00:00
openvas
openvas
WordPress 'setup-config.php' Multiple Vulnerabilities
2012-02-01 00:00:00
exploitpack
exploitpack
WordPress 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
exploitdb
exploitdb
WordPress Core 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
nessus
nessus
WordPress < 3.3.2 Multiple Vulnerabilities
2012-05-09 00:00:00

0.005 Low

EPSS

Percentile

76.9%

JSON
Related for PATCHSTACK:6B1AE1C839806F5D9AD625AB509D80FE
prion2cvelist2debiancve2nvd2cve2ubuntucve2seebug2securityvulns1packetstorm1openvas1exploitpack1exploitdb1nessus1