CVE-2009-2852

Name of the Vulnerable Software and Affected Versions WP-Syntax plugin versions 0.9.1 and earlier for Wordpress

Description The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the test filter[wp head] array parameter to "test/index.php", which is used in a call to the call user func array function. The attack is possible when register globals is enabled.

Recommendations For WP-Syntax plugin versions 0.9.1 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Avoid using the test filter[wp head] array parameter in the "test/index.php" endpoint until the issue is resolved.