CVE-2007-1622

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 2.0.10 RC2 WordPress versions prior to 2.1.3 RC2 in the 2.1 series

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH INFO in the administration interface. This is related to loose regular expression processing of PHP SELF.

Recommendations For WordPress versions prior to 2.0.10 RC2, update to version 2.0.10 RC2 or later. For WordPress versions prior to 2.1.3 RC2 in the 2.1 series, update to version 2.1.3 RC2 or later.