CVE-2007-2757

Name of the Vulnerable Software and Affected Versions Redoable version 1.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the s parameter to specific PHP files, including /wp-content/themes/redoable/searchloop.php and /wp-content/themes/redoable/header.php.

Recommendations For Redoable version 1.2, consider disabling access to the searchloop.php and header.php files until a patch is available. Avoid using the s parameter in the affected API endpoints until the issue is resolved.