← back
CVE-2009-2335

CVE-2009-2335

EPSS 85.0%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 85.0%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
10 Jul 2009Published on NVD
20 Aug 2011Public PoC
Weaponization speed
770 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.