Main Vulnerability Database Vulnerabilities #VU44817

Permissions, Privileges, and Access Controls in WordPress - CVE-2011-3129

Published: August 11, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44817

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2011-3129

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: WordPress.ORG

Affected software:
WordPress

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.

How to mitigate CVE-2011-3129

Install update from vendor's website.

Sources

http://secunia.com/advisories/49138
http://wordpress.org/news/2011/05/wordpress-3-1-3/
http://www.debian.org/security/2012/dsa-2470
http://www.securityfocus.com/bid/47995

Permissions, Privileges, and Access Controls in WordPress - CVE-2011-3129

Detailed vulnerability description

How to mitigate CVE-2011-3129

Sources

Please verify you're human