CVE-2007-0233

Name of the Vulnerable Software and Affected Versions WordPress versions 2.0.6 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is due to the failure to properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value. The tb id parameter is specifically vulnerable to this issue.

Recommendations For WordPress versions 2.0.6 and earlier, consider disabling access to the wp-trackback.php file until a proper fix is applied, as a temporary workaround to minimize the risk of exploitation.