Published: 09/01/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress prior to 2.0.6 allows remote malicious users to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

Vulnerable Product

wordpress wordpress 2.0.2

wordpress wordpress 2.0.3

wordpress wordpress 2.0

wordpress wordpress 2.0.1

wordpress wordpress 2.0.4

wordpress wordpress 2.0.5

Vendor Advisories

Debian Bug report logs - #405691
wordpress: new upstream: 2.0.6
Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress
Reported by: Kees Cook <kees@outflux.net>
Date: Fri, 5 Jan 2007 17:18:21 UTC
Severity: grave
Tags: security
Fo ...