CVE-2009-2335

CVE Database · CVE-2009-2335

CVE-2009-2335

· N/AModified

CVSS v3.1

N/A

EPSS

85.00%

Published

Jul 10, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBWordPress Plugin Block-Spam-By-Math-Reloaded - Bypass TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Weaknesses (CWE)

CWE-16

Affected Products (2)

wordpress · wordpress (up to 2.8.1)vulnerable

wordpress · wordpress_mu (up to 2.8.1)vulnerable

References (20)

http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked

ExploitThird Party Advisory

http://securitytracker.com/id?1022528

Third Party AdvisoryVDB Entry

http://www.exploit-db.com/exploits/9110

Third Party AdvisoryVDB Entry

http://www.osvdb.org/55713

Broken Link

http://www.securityfocus.com/archive/1/504795/100/0/threaded

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/35581

KEV Catalog EPSS Scores Vendors All CVEs