CVE-2008-4769

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 2.3.3 WordPress version 2.5

Description A directory traversal issue exists in the get category template function, allowing remote attackers to include and possibly execute arbitrary PHP files. This is achieved by manipulating the cat parameter in the "index.php" endpoint.

Recommendations For WordPress versions prior to 2.3.3, update to a version later than 2.3.3 to resolve the issue. For WordPress version 2.5, consider disabling the get category template function or restricting access to the cat parameter in the "index.php" endpoint until a patch is available.