Vulnerabilities > Wordpress > Wordpress MU > 2.6.1

DATE CVE VULNERABILITY TITLE RISK
2009-07-10 CVE-2009-2432 Permissions, Privileges, and Access Controls vulnerability in Wordpress and Wordpress MU
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
network
low complexity
wordpress CWE-264
5.0
2009-07-10 CVE-2009-2336 Configuration vulnerability in Wordpress and Wordpress MU
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
network
low complexity
wordpress CWE-16
5.0
2009-07-10 CVE-2009-2335 Configuration vulnerability in Wordpress and Wordpress MU
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
network
low complexity
wordpress CWE-16
5.0
2009-07-10 CVE-2009-2334 Improper Authentication vulnerability in Wordpress and Wordpress MU
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files.
network
wordpress CWE-287
4.9
2009-03-20 CVE-2009-1030 Cross-Site Scripting vulnerability in Wordpress MU
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
network
wordpress CWE-79
4.3