Posted: Thu Aug 10, 2006 9:26 pm Post subject: [ GLSA 200608-19 ] WordPress: Privilege escalation
Gentoo Linux Security Advisory
Title: WordPress: Privilege escalation (GLSA 200608-19)
Date: August 10, 2006
Updated: December 13, 2006
A flaw in WordPress allows registered WordPress users to elevate privileges.
WordPress is a PHP and MySQL based multiuser blogging system.
Vulnerable: < 2.0.4
Unaffected: >= 2.0.4
Architectures: All supported architectures
The WordPress developers have confirmed a vulnerability in capability checking for plugins.
By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact depends on the configuration of WordPress and may range from trivial to critical, possibly even the execution of arbitrary PHP code.
There is no known workaround at this time.
All WordPress users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.4"
Last edited by GLSA on Thu Dec 14, 2006 4:18 am; edited 1 time in total
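To confirm which WordPress copies on a host are still below the fixed 2.0.4 release, the following script walks a directory tree and reports each copy it finds. It is an added example, not part of the advisory or of Gentoo's tooling; it assumes the version is stored as `$wp_version` in `wp-includes/version.php`, and the function names and the example path are hypothetical.

```shell
#!/bin/sh
# Added example: report WordPress copies below 2.0.4 under a directory tree.
# Assumption: the version is read from wp-includes/version.php ($wp_version).
FIXED="2.0.4"   # first unaffected version according to the advisory

# Print the string assigned to $wp_version in the given version.php.
wp_version_of() {
    awk -F"['\"]" '/^[ \t]*\$wp_version[ \t]*=/ { print $2; exit }' "$1"
}

# Succeed (exit 0) when dotted version $1 is strictly lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {      # missing components count as 0
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1                          # equal versions are not lower
    }'
}

# Print one line per copy found under $1: STATUS VERSION PATH
audit_wordpress() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        root=${f%/wp-includes/version.php}
        v=$(wp_version_of "$f")
        if [ -z "$v" ]; then
            echo "UNKNOWN - $root"
        elif version_lt "$v" "$FIXED"; then
            echo "VULNERABLE $v $root"
        else
            echo "OK $v $root"
        fi
    done
}

# Usage: sh audit.sh /var/www   (the path is an example, not from the advisory)
if [ "$#" -gt 0 ]; then
    audit_wordpress "$1"
fi
```

A copy reported as UNKNOWN has a version.php without a recognizable `$wp_version` assignment and needs manual inspection.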