Описание
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| wordpress | fixed | 2.3.3-1 | package | |
| wordpress | not-affected | etch | package | |
| libwordpress-xmlrpc-perl | removed | package |
Примечания
The blog has to provide user accounts
A crafted XML-RPC request referring to a valid user can exploit this
This is specific to wordpress' implementation of xmlrpc.php, which is
not included in any other packages.
EPSS
Связанные уязвимости
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
EPSS