WordPress · Wordpress Mu · CVE-2007-4893
Name of the Vulnerable Software and Affected Versions:
Wordpress versions prior to 2.2.3
Wordpress multi-user (MU) versions prior to 1.2.5a
Description:
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks. This is achieved by modifying data to specific files, including post.php and page.php, with a no filter field.
Recommendations:
For Wordpress versions prior to 2.2.3, update to version 2.2.3 or later.
For Wordpress multi-user (MU) versions prior to 1.2.5a, update to version 1.2.5a or later.