WordPress versions before 2.2.3 and WordPress multi-user (MU) versions before 1.2.5a have security vulnerabilities that allow people from outside to run commands on the WordPress database. This is done by using certain parameters when calling the pingback.extensions.getPingbacks method from the XMLRPC interface. Furthermore
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
