Red Hat Bugzilla – Bug 460416
CVE-2008-3747 wordpress: insufficient SSL communication enforcement
Last modified: 2010-03-29 07:12:21 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3747 to the following vulnerability:
The (1) get_edit_post_link and (2) get_edit_comment_link functions in
wp-includes/link-template.php in WordPress before 2.6.1 do not force
SSL communication in the intended situations, which might allow remote
attackers to gain administrative access by sniffing the network for a
Upstream bug report:
Fixed upstream in: 2.6.1
I am working on it for F-9, F-8 and EL-5.
wordpress-2.6.1-1.fc9 has been submitted as an update for Fedora 9.
wordpress-2.6.1-1.fc8 has been submitted as an update for Fedora 8.
wordpress-2.6.1-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-2.6.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.