PT-2007-6007 · WordPress · Wordpress Mu+1

Alexander Koenig

Published

2007-09-14

Updated

2017-07-29

CVE-2007-4893

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Wordpress versions prior to 2.2.3 Wordpress multi-user (MU) versions prior to 1.2.5a

Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks. This is achieved by modifying data to specific files, including post.php and page.php, with a no filter field.

Recommendations: For Wordpress versions prior to 2.2.3, update to version 2.2.3 or later. For Wordpress multi-user (MU) versions prior to 1.2.5a, update to version 1.2.5a or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2007-4893

Affected Products

Wordpress

Wordpress Mu

PT-2007-6007 · WordPress · Wordpress Mu+1

CVE-2007-4893

Weakness Enumeration

Related Identifiers

Affected Products

References · 14