CVE-2007-3544

Name of the Vulnerable Software and Affected Versions WordPress versions 2.2.1 WordPress MU version 1.2.3

Description The issue is related to an unrestricted file upload vulnerability. This allows remote authenticated users to upload and execute arbitrary PHP code. The vulnerability might be connected to the use of custom fields in normal posts and the wp postmeta table.

Recommendations For WordPress version 2.2.1, update to a version that includes a complete fix for the issue. For WordPress MU version 1.2.3, update to a version that includes a complete fix for the issue. As a temporary workaround, consider restricting file uploads to authorized users only until a patch is available.