CVE-2008-0664

The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.

🔗 References (24)

• cve@mitrehttp://secunia.com/advisories/28823
• cve@mitrehttp://secunia.com/advisories/28920
• cve@mitrehttp://secunia.com/advisories/30960
• cve@mitrehttp://wordpress.org/development/2008/02/wordpress-233/
• cve@mitrehttp://www.debian.org/security/2008/dsa-1601
• cve@mitrehttp://www.securityfocus.com/bid/27669
• cve@mitrehttp://www.securitytracker.com/id?1019316
• cve@mitrehttp://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/
• cve@mitrehttp://www.vupen.com/english/advisories/2008/0448
• cve@mitrehttps://bugzilla.redhat.com/show_bug.cgi?id=431547
• cve@mitrehttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00349.html
• cve@mitrehttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00416.html
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28823
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28920
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30960