CVE-2007-0106

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 2.0.6

Description A cross-site scripting (XSS) issue exists in the CSRF protection scheme, allowing remote attackers to inject arbitrary web script or HTML. This is achieved through a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when generating a new link to verify the request.

Recommendations For WordPress versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.