CVE-2008-5695

Name: CVE-2008-5695
Creator: NVD / NIST
Published: 2008-12-19T18:30:00.467+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 12.01%

Last modified Jun 16, 2026

CVE-2008-5695 is a vulnerability of currently unknown severity. wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.. EPSS estimates a 12.01% chance of exploitation in the next 30 days.

Description

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

Metrics

EPSS Probability

12.01%

95.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Wordpress	Wordpress	<= 2.3.2
Wordpress	Wordpress Mu	< 1.3.2

References

http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1Release Notes, Vendor Advisory
http://secunia.com/advisories/28789Third Party Advisory
http://securityreason.com/securityalert/4798Third Party Advisory
http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.htmlExploit, Third Party Advisory
http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txtExploit, Third Party Advisory
http://www.securityfocus.com/bid/27633Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/5066Exploit, Third Party Advisory, VDB Entry
http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1Release Notes, Vendor Advisory
http://secunia.com/advisories/28789Third Party Advisory
http://securityreason.com/securityalert/4798Third Party Advisory
http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.htmlExploit, Third Party Advisory
http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txtExploit, Third Party Advisory
http://www.securityfocus.com/bid/27633Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/5066Exploit, Third Party Advisory, VDB Entry

Timeline

Published: Dec 19, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-5695?

How severe is CVE-2008-5695?

Severity scoring for CVE-2008-5695 is pending analysis. The EPSS model estimates a 12.01% probability of exploitation in the next 30 days.

How do I fix CVE-2008-5695?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-5695?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST