CVE-2008-0193

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 2.0.11 WordPress versions 2.1.x through 2.3.x

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. This could potentially lead to unauthorized actions on the affected system.

Recommendations For WordPress versions prior to 2.0.11, update to a version later than 2.0.11. For WordPress versions 2.1.x through 2.3.x, consider disabling access to the wp-db-backup.php file until a patch is available, and restrict the use of the backup parameter in the wp-admin/edit.php action.