CVE-2009-2334

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 2.8.1 WordPress MU versions prior to 2.8.1

Description The issue allows remote attackers to access and modify plugin configuration files without administrative authentication. This can be achieved by specifying a configuration file in the page parameter. Sensitive information can be obtained or the files can be modified, as demonstrated by accessing files such as collapsing-archives/options.txt, akismet/readme.txt, related-ways-to-take-action/options.php, wp-security-scan/securityscan.php, and wp-ids/ids-admin.php. This issue can be leveraged for cross-site scripting (XSS) and denial of service.

Recommendations For WordPress versions prior to 2.8.1, update to version 2.8.1 or later to resolve the issue. For WordPress MU versions prior to 2.8.1, update to version 2.8.1 or later to resolve the issue.