CVE-2009-2335

Currently unrated

Key Information:

Vendor: Wordpress
Status: WordPress; WordPress Mu
Vendor: CVE Published:; 10 July 2009

Summary

WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

References

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://corelabs.coresecurity.com/index.php?action=view&ty...

x_refsource_MISC

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

EPSS Score

95% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 10, 2009
Vulnerability Reserved
Jul 5, 2009