ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 3.3.1 - Multiple Vulnerabilities

Product
WordPress
Description
WordPress version 3.3.1 is prone to PHP code execution and persistent cross-site scripting vulnerabilities via "setup-config.php" page. The attackers can host their own MySQL database server and then successfully complete the WordPress installation without having any valid credentials on the target system. After that they can inject malicious PHP code through the WordPress Themes editor. Also, there are multiple cross-site scripting vulnerabilities in "setup-config.php" page. An attacker can supply Javascript within the "dbname", "dbhost" or "uname" parameters. Password disclosure vulnerability via "setup-config.php" page has been discovered in WordPress 3.3.1. It allows an attacker to omit the "dbname" parameter, that lets them continually bruteforce MySQL instance usernames and passwords. It includes any local or remote MySQL instances which are accessible to the target web server.
Solution
Update WordPress.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-2011-4898
Versions
Affected In <= 3.3.1
Fixed In 3.3.2
Disclosure date
2012-01-25
Credits
Trustwave's SpiderLabs