Test ID:	1.3.6.1.4.1.25623.1.0.800704
Category:	Web application abuses
Title:	WordPress Multiple Vulnerabilities
Summary:	WordPress is prone to multiple vulnerabilities.
Description:	Summary: WordPress is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to lack of sanitization in user supplied data which can be exploited through 'wp-admin/upgrade.php' via a direct request and 'wp-admin/upgrade.php' via a URL in the backto parameter. Vulnerability Impact: Attackers can exploit this issue to causes denial of service or to redirect the URL to any malicious website and conduct phishing attacks. Affected Software/OS: WordPress version 2.6.x up to 2.6.3. Solution: Update to version 2.7.1 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6767 Bugtraq: 20081222 [ISecAuditors Security Advisories] Wordpress is vulnerable to an unauthorized upgrade and XSS (Google Search) http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html Debian Security Information: DSA-1871 (Google Search) http://www.debian.org/security/2009/dsa-1871 XForce ISS Database: wordpress-upgrade-sec-bypass(50384) https://exchange.xforce.ibmcloud.com/vulnerabilities/50384 Common Vulnerability Exposure (CVE) ID: CVE-2008-6762 http://osvdb.org/52213 XForce ISS Database: wordpress-upgrade-phishing(50382) https://exchange.xforce.ibmcloud.com/vulnerabilities/50382
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.