CVE-2007-3239

Name of the Vulnerable Software and Affected Versions: AndyBlue theme version prior to 20070607 for WordPress

Description: A cross-site scripting (XSS) issue exists in the searchform.php file of the AndyBlue theme, allowing remote attackers to inject arbitrary web script or HTML via the PHP SELF portion of a URI to index.php. This can potentially be leveraged for PHP code execution in an administrative session.

Recommendations: For versions prior to 20070607, update to version 20070607 or later to resolve the issue. As a temporary workaround, consider restricting access to the searchform.php file to minimize the risk of exploitation.