Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

WordPress: Privilege escalation — GLSA 200608-19

A flaw in WordPress allows registered WordPress users to elevate privileges.

Affected packages

Package www-apps/wordpress on all architectures
Affected versions < 2.0.4
Unaffected versions >= 2.0.4

Background

WordPress is a PHP and MySQL based multiuser blogging system.

Description

The WordPress developers have confirmed a vulnerability in capability checking for plugins.

Impact

By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact depends on the configuration of WordPress and may range from trivial to critical, possibly even the execution of arbitrary PHP code.

Workaround

There is no known workaround at this time.

Resolution

All WordPress users should upgrade to the latest version: 

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.4"

References

Release date
August 10, 2006

Latest revision
December 13, 2006: 02

Severity
normal

Exploitable
remote

Bugzilla entries