CVE-2011-4899
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments
We have discovered 254,250 live websites that are affected by CVE-2011-4899.
Affected Software
| Product |  WordPress |
| Category | Content Management System |
| Vulnerable Domains | 254,250 live websites (2.76% of WordPress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 174 versions ( 18.69% of all versions) |
Details
- Published - Jan 30, 2012
- Updated - Sep 16, 2024
CVE References
CVE-2011-4899 usage by Country
 United States | 17,182 websites |
 Italy | 65,782 websites |
 Australia | 24,666 websites |
 GB | 16,440 websites |
 Poland | 11,323 websites |
 Germany | 11,056 websites |
 Netherlands | 11,034 websites |
 Iran | 9,050 websites |
 Russia | 9,004 websites |
 South Africa | 8,782 websites |
CVE-2011-4899 usage by TLD
| .com | 66,069 websites |
| .it | 43,049 websites |
| .com.au | 16,932 websites |
| .co.uk | 8,904 websites |
| .pl | 8,018 websites |
| .ru | 7,713 websites |
| .org | 7,069 websites |
| .nl | 6,425 websites |
| .net | 6,017 websites |
| .at | 4,924 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2011-4899
Top websites that are affected by CVE-2011-4899. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com | United States | *,*** | |
| *************.com | United States | *,*** | |
| *******.**.ca |  Canada | *,*** | |
| **************.********.com | United States | **,*** | |
| ***********.com | Italy | **,*** | |
| ***********.**.za | South Africa | **,*** | |
| ********.com |  Serbia | **,*** | |
| ***************.com | Italy | **,*** | |
| ************.com | Italy | **,*** | |
| ********.com | United States | **,*** |
FAQ
A total of 254,250 websites have been identified as vulnerable to CVE-2011-4899, discovered through global website indexing conducted by WebTechSurvey.
WordPress is susceptible to CVE-2011-4899 vulnerability.
WordPress versions before 3.3.1 are vulnerable to CVE-2011-4899.
Version 3.3.1 of WordPress addresses the CVE-2011-4899 security vulnerability.