CVE-2008-2392
EPSS 1.9%
Description
Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
How to fix CVE-2008-2392
To remediate CVE-2008-2392, upgrade the affected package to a fixed version below.
- Debian/wordpress—upgrade to 2.5.1-4 or later
Is CVE-2008-2392 being exploited?
Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.5.1-4