CVE-2007-1732

Name of the Vulnerable Software and Affected Versions: WordPress version 2.1.2

Description: A cross-site scripting (XSS) issue exists, potentially allowing remote authenticated administrators to inject arbitrary web script or HTML. The issue is related to the demo parameter in the wp-admin/admin.php file. However, the legitimacy of this issue is disputed by another researcher, who claims it is a legitimate functionality for administrators.

Recommendations: For WordPress version 2.1.2, update to a version that includes the patch for this issue, as it has been patched by at least one vendor.