DSA-1285-1 wordpress -- several vulnerabilities

Related Vulnerabilities: CVE-2007-1622   CVE-2007-1893   CVE-2007-1894   CVE-2007-1897  


Debian Security Advisory

Date Reported:
01 May 2007
Affected Packages:
wordpress
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2007-1622, CVE-2007-1893, CVE-2007-1894, CVE-2007-1897.
More information:
  • CVE-2007-1622

    Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

  • CVE-2007-1893

    WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to publish a previously saved post.

  • CVE-2007-1894

    Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.

  • CVE-2007-1897

    SQL injection vulnerability in xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.

For the stable distribution (etch) these issues have been fixed in version 2.0.10-1.

For the testing and unstable distributions (lenny and sid, respectively), these issues have been fixed in version 2.1.3-1.

We recommend that you upgrade your wordpress package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1.diff.gz
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1_all.deb

MD5 checksums of the listed files are available in the original advisory.