CVE-2007-1277

Name of the Vulnerable Software and Affected Versions WordPress version 2.1.1

Description The issue allows remote attackers to execute arbitrary commands. This is achieved through an eval injection vulnerability in the ix parameter to "wp-includes/feed.php" and an untrusted passthru call in the iz parameter to "wp-includes/theme.php".

Recommendations For WordPress version 2.1.1, consider removing or restricting access to the affected files "wp-includes/feed.php" and "wp-includes/theme.php" to minimize the risk of exploitation. Avoid using the ix and iz parameters in the respective API endpoints until the issue is resolved.