PT-2004-2467 · WordPress · Wordpress

Thomas Waldegger · Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-1559
CVSS v2.0: 4.3 (Medium), Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: WordPress 1.2
Description: Multiple cross-site scripting (XSS) vulnerabilities in WordPress 1.2 allow remote attackers to inject arbitrary web script or HTML via the redirect_to, text, popupurl, or popuptitle parameters to wp-login.php; the redirect_url parameter to admin-header.php; the popuptitle, popupurl, content, or post_title parameters to bookmarklet.php; the cat_ID parameter to categories.php; the s parameter to edit.php; or the s or mode parameter to edit-comments.php. In each case the parameter value is reflected into the generated page without adequate HTML encoding, so a crafted link is enough to run script in the browser of a user who follows it, including a logged-in administrator. The CVSS vector records this as network-reachable, unauthenticated, requiring victim interaction (AC:M) and affecting integrity only (I:P).
Recommendations: Upgrade from WordPress 1.2 to a release in which this issue is fixed. Until then, HTML-encode every one of the listed parameters at the point where the affected file writes it into the page (for example with htmlspecialchars() using ENT_QUOTES, so that attribute and text contexts are both covered), and validate redirect_to and redirect_url against a same-site relative path instead of echoing whatever the request supplied. All of the affected files except wp-login.php are administrative pages, so a forged link delivered to an authenticated administrator is the realistic attack path; restricting access to the wp-admin directory (by IP or an additional authentication layer) reduces exposure until the pages are patched.
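As an added illustration (not code from this advisory or from WordPress itself), the reflection pattern behind the wp-login.php redirect_to case and its hardened form, plus the same rule applied to a parameter reflected into text content such as the s parameter. The parameter names come from the advisory; the surrounding markup, the helper names and the exact validation rule are assumptions made for the example:

```php
<?php
// Added example, not WordPress 1.2 source: shows how an unencoded request
// parameter becomes reflected XSS and how output encoding plus target
// validation fix it. Parameter names from the advisory; markup is assumed.

// Vulnerable pattern: the raw parameter lands inside an attribute value.
function render_login_form_vulnerable(array $get): string
{
    $redirect = $get['redirect_to'] ?? 'wp-admin/';
    return '<form action="wp-login.php" method="post">'
         . '<input type="hidden" name="redirect_to" value="' . $redirect . '" />'
         . '</form>';
}

// Accept only a same-site relative path as the post-login target; anything
// with a scheme, a protocol-relative prefix or control characters falls back
// to the default. This blocks open redirects and javascript: targets.
// (Hypothetical helper, not a WordPress function.)
function safe_redirect_target(string $candidate, string $default = 'wp-admin/'): string
{
    if ($candidate === ''
        || preg_match('#^(?:[a-z][a-z0-9+.-]*:|//)#i', $candidate)
        || preg_match('/[\x00-\x1f\x7f]/', $candidate)) {
        return $default;
    }
    return $candidate;
}

// Hardened pattern: validate, then encode for the HTML attribute context.
// ENT_QUOTES turns both quote characters into entities, so the value cannot
// terminate the attribute it is placed in.
function render_login_form_fixed(array $get): string
{
    $redirect = safe_redirect_target((string) ($get['redirect_to'] ?? ''));
    $escaped  = htmlspecialchars($redirect, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="wp-login.php" method="post">'
         . '<input type="hidden" name="redirect_to" value="' . $escaped . '" />'
         . '</form>';
}

// The same rule for a parameter reflected into text content, such as the
// search term s echoed back by edit.php: encode for the text context so that
// a tag in the input is rendered as literal text rather than parsed.
function render_search_notice_fixed(array $get): string
{
    $term = htmlspecialchars((string) ($get['s'] ?? ''), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Search results for: ' . $term . '</p>';
}

// Constructed requests (not captured traffic), equivalent to
//   wp-login.php?redirect_to=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
//   edit.php?s=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E
$login  = ['redirect_to' => '"><script>alert(1)</script>'];
$search = ['s' => '<img src=x onerror=alert(1)>'];

echo "vulnerable: " . render_login_form_vulnerable($login) . "\n";
echo "fixed:      " . render_login_form_fixed($login) . "\n";
echo "search:     " . render_search_notice_fixed($search) . "\n";
```

In the vulnerable output the leading `">` closes the hidden input and the browser parses the script element that follows; in the fixed output the same bytes appear as `&quot;&gt;&lt;script&gt;...` inside the attribute and are never parsed as markup. The validation step is separate from the encoding step on purpose: encoding stops the injection, while rejecting absolute and javascript: targets stops the page from being used as an open redirect even when the value is encoded correctly.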


Related Identifiers: CVE-2004-1559
Affected Products: WordPress