CVE-2007-4139

Name of the Vulnerable Software and Affected Versions WordPress version 2.2.1

Description A cross-site scripting issue exists in the Temporary Uploads editing functionality, specifically in the wp-admin/includes/upload.php file. This allows remote attackers to inject arbitrary web script or HTML via the style parameter to "wp-admin/upload.php".

Recommendations For WordPress version 2.2.1, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the "wp-admin/upload.php" endpoint until a patch is available. Avoid using the style parameter in the affected endpoint until the issue is resolved.