PT-2007-4802 · Automattic · Wordpress Mu+1

Alexander Concha · Published 2007-07-03 · Updated 2013-09-08 · CVE-2007-3544

CVSS v2.0

6.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WordPress version 2.2.1
WordPress MU version 1.2.3

Description

The issue is related to an unrestricted file upload vulnerability. This allows remote authenticated users to upload and execute arbitrary PHP code. The vulnerability might be connected to the use of custom fields in normal posts and the wp_postmeta table.

Recommendations

For WordPress version 2.2.1, update to a version that includes a complete fix for the issue. For WordPress MU version 1.2.3, update to a version that includes a complete fix for the issue. As a temporary workaround, consider restricting file uploads to authorized users only until a patch is available.

Fix

Related Identifiers

CVE-2007-3544

Affected Products

Wordpress
Wordpress Mu