ID CVE-2006-4028
Summary Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).
References
Vulnerable Configurations
  • cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 01-09-2011 - 04:00)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 19247
confirm http://wordpress.org/development/2006/07/wordpress-204/
gentoo GLSA-200608-19
misc
osvdb 27633
secunia
  • 21309
  • 21447
vupen ADV-2006-3071
Last major update 01-09-2011 - 04:00
Published 09-08-2006 - 20:04
Last modified 01-09-2011 - 04:00
Back to Top