CVE-2008-5695

N/A Unknown
Published: December 19, 2008 Modified: April 23, 2026
View on NVD

Description

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1
Source: cve@mitre.org
Release Notes Vendor Advisory
http://secunia.com/advisories/28789
Source: cve@mitre.org
Third Party Advisory
http://securityreason.com/securityalert/4798
Source: cve@mitre.org
Third Party Advisory
http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html
Source: cve@mitre.org
Exploit Third Party Advisory
http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt
Source: cve@mitre.org
Exploit Third Party Advisory
http://www.securityfocus.com/bid/27633
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/5066
Source: cve@mitre.org
Exploit Third Party Advisory VDB Entry
http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes Vendor Advisory
http://secunia.com/advisories/28789
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://securityreason.com/securityalert/4798
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
http://www.securityfocus.com/bid/27633
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/5066
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry

14 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
16.4%
95th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-20

Affected Vendors

wordpress

Related CVEs

CVE-2026-41907 N/A
CVE-2026-41894 N/A
CVE-2026-41492 9.8
CVE-2026-41421 8.8
CVE-2026-41419 7.6