CVE-2007-4154

Name of the Vulnerable Software and Affected Versions WordPress version 2.2.1

Description A SQL injection issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved via the page options parameter to various components, including options-general.php, options-writing.php, options-reading.php, options-discussion.php, options-privacy.php, options-permalink.php, and options-misc.php.

Recommendations For WordPress version 2.2.1, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the page options parameter in the affected components to minimize the risk of exploitation.