CVE-2008-3747

CVE-2008-3747 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.

Learn more about our Wordpress Pen Testing.