National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:wordpress:wordpress_mu:2.7.1
There are 3 matching records.
Vuln ID Summary CVSS Severity
CVE-2009-2336

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Published: July 10, 2009; 05:00:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2009-2335

WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Published: July 10, 2009; 05:00:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2008-4671

Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.

Published: October 22, 2008; 06:30:01 AM -04:00
    V2: 4.3 MEDIUM