CVE-2011-4899

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments.


We have discovered 198,222 live websites that are affected by CVE-2011-4899.





Affected Software

Product                    WordPress
Category                   Content Management System
Vulnerable Domains         198,222 live websites (2.47% of WordPress install base)
Vulnerable Versions
  • from 0 through 3.3.1
Vulnerable Versions Count  175 versions (21% of all versions)



Details

  • Published - Jan 30, 2012
  • Updated - Sep 16, 2024

Website Distribution by Country

Number of websites affected by CVE-2011-4899
United States  14,139 websites
Italy          52,459 websites
GB             13,711 websites
Poland         12,922 websites
Germany        11,034 websites
Russia         10,988 websites
Iran           10,386 websites
Netherlands    7,045 websites
Kazakhstan     6,762 websites
South Africa   6,631 websites

Website Distribution by TLD

Number of websites affected by CVE-2011-4899
.com    53,657 websites
.it     34,000 websites
.ru     9,175 websites
.pl     9,084 websites
.co.uk  6,642 websites
.org    5,335 websites
.net    4,417 websites
.de     3,574 websites
.nl     3,556 websites
.se     3,436 websites

FAQ

A total of 198,222 websites have been identified as vulnerable to CVE-2011-4899, based on global website indexing conducted by WebTechSurvey.
WordPress is affected by the CVE-2011-4899 vulnerability.
WordPress versions up to and including 3.3.1 are vulnerable to CVE-2011-4899.