VDB
CVE-2009-2853
CVE-2009-2853
PUBLISHED
CVSS 10 CRITICAL
Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.
EPSS 1.20% · 79.2th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
1.20%
79.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| wordpress | wordpress | 0.71, 0.71, 0.71 |
Timeline
- Aug 18, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- http://core.trac.wordpress.org/changeset/11768 url
- [oss-security] 20090804 CVE request: Wordpress mailing-list
- DSA-1871 vendor-advisory
- http://core.trac.wordpress.org/changeset/11769 url
- http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/ url
- https://nvd.nist.gov/vuln/detail/CVE-2009-2853 advisory
- http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release url