CVE-2006-4028

Severity

99%

Complexity

99%

Confidentiality

165%

Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).

Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 18 years ago

2006-08-09 20:04:00

Last updated 13 years ago

2011-09-01 04:00:00

Affected Software

WordPress 2.0

2.0

WordPress 2.0.1

2.0.1

WordPress 2.0.2

2.0.2

WordPress 2.0.3

2.0.3

References

http://bugs.gentoo.org/show_bug.cgi?id=142142

21309

Patch, Vendor Advisory

21447

Vendor Advisory

GLSA-200608-19

http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/

http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/

http://wordpress.org/development/2006/07/wordpress-204/

Patch

27633

19247

Patch

ADV-2006-3071

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.