User Enumeration Vulnerability in WordPress
CVE-2009-2335
Currently unrated
Summary
In older versions of WordPress and WordPress MU, a design flaw allows remote attackers to determine valid usernames by observing how the response to a failed login attempt differs between existing and non-existing accounts. This behavior, allegedly present for user convenience, risks exposing valid usernames to malicious parties and enables potential targeted attacks. Website administrators should consider upgrading to the latest version to mitigate this vulnerability.
EPSS Score
85% chance of being exploited in the next 30 days.