Descriptionwp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs510786, 513959

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wordpress (PTS)buster5.0.15+dfsg1-0+deb10u1fixed
buster (security)5.0.21+dfsg1-0+deb10u1fixed
bullseye (security)5.7.11+dfsg1-0+deb11u1fixed
bookworm (security)6.1.6+dfsg1-0+deb12u1fixed
sid, trixie6.5.2+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wordpresssource(unstable)2.3.2low510786, 513959


[etch] - wordpress <no-dsa> (Minor issue)
only the admin has manage_options capabilities by default and only editors
have upload_files capabilities
Only versions prior to 2.3.2 are affected according to the Debian maintainer

Search for package or bug name: Reporting problems