Vulnerability Details CVE-2006-4028
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 89.9%
CVSS Severity
CVSS v2 Score 10.0
References
- http://bugs.gentoo.org/show_bug.cgi?id=142142
- http://secunia.com/advisories/21309
- http://secunia.com/advisories/21447
- http://security.gentoo.org/glsa/glsa-200608-19.xml
- http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/
- http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/
- http://wordpress.org/development/2006/07/wordpress-204/
- http://www.osvdb.org/27633
- http://www.securityfocus.com/bid/19247
- http://www.vupen.com/english/advisories/2006/3071
- http://bugs.gentoo.org/show_bug.cgi?id=142142
- http://secunia.com/advisories/21309
- http://secunia.com/advisories/21447
- http://security.gentoo.org/glsa/glsa-200608-19.xml
- http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/
- http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/
- http://wordpress.org/development/2006/07/wordpress-204/
- http://www.osvdb.org/27633
- http://www.securityfocus.com/bid/19247
- http://www.vupen.com/english/advisories/2006/3071
Products affected by CVE-2006-4028
-
cpe:2.3:a:wordpress:wordpress:2.0
-
cpe:2.3:a:wordpress:wordpress:2.0.1
-
cpe:2.3:a:wordpress:wordpress:2.0.2
-
cpe:2.3:a:wordpress:wordpress:2.0.3