CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2853

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile12.49th
PublishedAug 18, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.

Affected Platforms (CPE)

πŸ“¦
Wordpress

Wordpress

= 0.71
πŸ“¦
Wordpress

Wordpress

= 0.71
πŸ“¦
Wordpress

Wordpress

= 0.71
πŸ“¦
Wordpress

Wordpress

= 0.72
πŸ“¦
Wordpress

Wordpress

= 0.72
πŸ“¦
Wordpress

Wordpress

= 0.72
πŸ“¦
Wordpress

Wordpress

= 0.72
πŸ“¦
Wordpress

Wordpress

= 0.711
πŸ“¦
Wordpress

Wordpress

= 1.0
πŸ“¦
Wordpress

Wordpress

= 1.0.1
πŸ“¦
Wordpress

Wordpress

= 1.0.1
πŸ“¦
Wordpress

Wordpress

= 1.2
πŸ“¦
Wordpress

Wordpress

= 1.2
πŸ“¦
Wordpress

Wordpress

= 1.2
πŸ“¦
Wordpress

Wordpress

= 1.2.1
πŸ“¦
Wordpress

Wordpress

= 1.2.2
πŸ“¦
Wordpress

Wordpress

= 1.5
πŸ“¦
Wordpress

Wordpress

= 1.5.1
πŸ“¦
Wordpress

Wordpress

= 1.5.1.3
πŸ“¦
Wordpress

Wordpress

= 1.5.2
πŸ“¦
Wordpress

Wordpress

= 2.0
πŸ“¦
Wordpress

Wordpress

= 2.0.1
πŸ“¦
Wordpress

Wordpress

= 2.0.2
πŸ“¦
Wordpress

Wordpress

= 2.0.3
πŸ“¦
Wordpress

Wordpress

= 2.0.4
πŸ“¦
Wordpress

Wordpress

= 2.0.5
πŸ“¦
Wordpress

Wordpress

= 2.0.6
πŸ“¦
Wordpress

Wordpress

= 2.0.7
πŸ“¦
Wordpress

Wordpress

= 2.0.9
πŸ“¦
Wordpress

Wordpress

= 2.0.10
πŸ“¦
Wordpress

Wordpress

= 2.0.11
πŸ“¦
Wordpress

Wordpress

= 2.1
πŸ“¦
Wordpress

Wordpress

= 2.1.1
πŸ“¦
Wordpress

Wordpress

= 2.1.1
πŸ“¦
Wordpress

Wordpress

= 2.1.2
πŸ“¦
Wordpress

Wordpress

= 2.1.3
πŸ“¦
Wordpress

Wordpress

= 2.2
πŸ“¦
Wordpress

Wordpress

= 2.2.1
πŸ“¦
Wordpress

Wordpress

= 2.2.2
πŸ“¦
Wordpress

Wordpress

= 2.2.3
πŸ“¦
Wordpress

Wordpress

= 2.3
πŸ“¦
Wordpress

Wordpress

= 2.3
πŸ“¦
Wordpress

Wordpress

= 2.3
πŸ“¦
Wordpress

Wordpress

= 2.3.1
πŸ“¦
Wordpress

Wordpress

= 2.3.1
πŸ“¦
Wordpress

Wordpress

= 2.3.2
πŸ“¦
Wordpress

Wordpress

= 2.5
πŸ“¦
Wordpress

Wordpress

= 2.5.1
πŸ“¦
Wordpress

Wordpress

= 2.6
πŸ“¦
Wordpress

Wordpress

= 2.6.1
πŸ“¦
Wordpress

Wordpress

= 2.6.2
πŸ“¦
Wordpress

Wordpress

= 2.6.3
πŸ“¦
Wordpress

Wordpress

= 2.7
πŸ“¦
Wordpress

Wordpress

= 2.7.1
πŸ“¦
Wordpress

Wordpress

= 2.8
πŸ“¦
Wordpress

Wordpress

= 2.8.1
πŸ“¦
Wordpress

Wordpress

= 2.8.2

References & Advisories

πŸ”— http://core.trac.wordpress.org/changeset/11768
πŸ”— http://core.trac.wordpress.org/changeset/11769
πŸ”— http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/
πŸ”— http://www.debian.org/security/2009/dsa-1871
πŸ”— http://www.openwall.com/lists/oss-security/2009/08/04/5
πŸ”— http://core.trac.wordpress.org/changeset/11768
πŸ”— http://core.trac.wordpress.org/changeset/11769
πŸ”— http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/

Related Vulnerabilities

CVE-2020-2418610.0

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthe...

CVE-2020-2521310.0

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP cod...

CVE-2019-1693210.0

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.

CVE-2020-3548910.0

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code executio...