CVE-2012-0937 - Unspecified vulnerability in WordPress
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time.
Exploit-Db
description | Wordpress <= 3.3.1 - Multiple Vulnerabilities. CVE-2011-4898,CVE-2011-4899,CVE-2012-0782,CVE-2012-0937. Webapps exploit for php platform |
file | exploits/php/webapps/18417.txt |
id | EDB-ID:18417 |
last seen | 2016-02-02 |
modified | 2012-01-25 |
platform | php |
port | |
published | 2012-01-25 |
reporter | Trustwave's SpiderLabs |
source | https://www.exploit-db.com/download/18417/ |
title | WordPress <= 3.3.1 - Multiple Vulnerabilities |
type | webapps |
Nessus
NASL family | CGI abuses |
NASL id | WORDPRESS_3_3_2.NASL |
description | According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by an unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf. (CVE-2012-2399) - The application is affected by an unspecified vulnerability in wp-includes/js/swfobject.js. (CVE-2012-2400) - The application contains a version of Plupload prior to 1.5.4 that enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass Same Origin Policy via crafted content. (CVE-2012-2401) - The application is affected by a security bypass vulnerability. Successfully exploiting this issue would allow a site administrator to deactivate network wide plugins. This issue requires the application to run under a WordPress network. (CVE-2012-2402) - The application is prone to multiple cross-site scripting vulnerabilities. An attacker can use specially crafted comments and the application is affected when making URLs clickable. (CVE-2012-2403, CVE-2012-2404) Note that CVE-2011-4898, CVE-2011-4899, CVE-2012-0782, CVE-2012-0937, and CVE-2012-1936 reportedly affect WordPress versions 3.3.1 and prior, however the CVE |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 59048 |
published | 2012-05-09 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/59048 |
title | WordPress < 3.3.2 Multiple Vulnerabilities |