CVE-2008-2068

Vulnerability

WordPress versions prior to 2.5.1 contain a cross-site scripting (XSS) vulnerability in unspecified components — the official advisory [1] notes that corrected copies of wp-includes/pluggable.php, wp-admin/includes/media.php, and wp-admin/media.php were provided as part of the security fix. Affected software is WordPress 2.5.

Exploitation

Attackers can trigger the vulnerability by sending crafted input to the affected WordPress installation. The exact vector is not disclosed in the available references [1], but the vendor recommends immediate updating particularly for blogs with open registration, suggesting that unauthenticated users may be able to deliver the payload. No authentication or special network position is explicitly required.

Impact

Successful exploitation allows remote attackers to inject arbitrary web script or HTML into the context of the vulnerable WordPress site, leading to cross-site scripting (XSS). This can result in session hijacking, credential theft, or defacement of the site for other users.

Mitigation

The vulnerability is fixed in WordPress 2.5.1, released on 2008-04-28 [1]. Administrators should update immediately. As a temporary workaround, the corrected files (wp-includes/pluggable.php, wp-admin/includes/media.php, wp-admin/media.php) can be manually replaced with those from version 2.5.1 without upgrading the entire installation [1]. No workaround for unpatched installations is otherwise provided.