Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hamd-mn9k-q3f5
Vulnerability ID VCID-hamd-mn9k-q3f5
Aliases CVE-2008-4769
Summary Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
Status Published
Exploitability 2.0
Weighted Severity 8.4
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
epss 0.1766 https://api.first.org/data/v1/epss?cve=CVE-2008-4769
epss 0.1766 https://api.first.org/data/v1/epss?cve=CVE-2008-4769
epss 0.1766 https://api.first.org/data/v1/epss?cve=CVE-2008-4769
epss 0.1766 https://api.first.org/data/v1/epss?cve=CVE-2008-4769
epss 0.1766 https://api.first.org/data/v1/epss?cve=CVE-2008-4769
epss 0.1766 https://api.first.org/data/v1/epss?cve=CVE-2008-4769
epss 0.1766 https://api.first.org/data/v1/epss?cve=CVE-2008-4769
epss 0.1766 https://api.first.org/data/v1/epss?cve=CVE-2008-4769
epss 0.1766 https://api.first.org/data/v1/epss?cve=CVE-2008-4769
epss 0.1766 https://api.first.org/data/v1/epss?cve=CVE-2008-4769
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2008-4769
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2008-4769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4769
http://secunia.com/advisories/29949
https://exchange.xforce.ibmcloud.com/vulnerabilities/41920
http://trac.wordpress.org/changeset/7586
http://www.debian.org/security/2009/dsa-1871
http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html
http://www.securityfocus.com/bid/28845
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.6.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.6.2.1:beta_2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.6.2.1:beta_2:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.6.2:beta_2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.6.2:beta_2:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.71-gold:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.71-gold:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.72:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.72:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.72:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.72:beta1:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.72:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.72:beta2:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:0.72:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:0.72:rc1:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.0.1-miles:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.0.1-miles:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.0.2-blakey:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.0.2-blakey:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.0-platinum:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.0-platinum:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.2:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.2:beta:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.2-delta:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.2-delta:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.2-mingus:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.2-mingus:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.5-strayhorn:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.5-strayhorn:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:1.6:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.10_rc2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.10_rc2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.3_rc2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.3_rc2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1:alpha_3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1:alpha_3:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2_revision5002:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2_revision5002:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2_revision5003:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2_revision5003:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3.1:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.5:*:*:*:*:*:*:*
CVE-2008-4769 https://nvd.nist.gov/vuln/detail/CVE-2008-4769
CVE-2008-4769;OSVDB-44591 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/31670.txt
CVE-2008-4769;OSVDB-44591 Exploit https://www.securityfocus.com/bid/28845/info
Data source Exploit-DB
Date added April 18, 2008
Description WordPress Core 2.3.3 - 'cat' Directory Traversal
Ransomware campaign use Known
Source publication date April 18, 2008
Exploit type webapps
Platform php
Source update date May 4, 2017
Source URL https://www.securityfocus.com/bid/28845/info
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-4769
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.95071
EPSS Score 0.1766
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T16:30:29.602487+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.0.0