Published: 03/03/2007 Updated: 16/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and previous versions allows remote malicious users to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress

Debian Bug report logs - #437085 CVE-2007-1599: wp-loginphp allows remote attackers to redirect authenticated users to other websites Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@sko ...

source: wwwsecurityfocuscom/bid/22735/info Wordpress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user This may help the attacker steal cookie-based authentica ...

NVD-CWE-Other http://www.securityfocus.com/bid/22735 http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml http://secunia.com/advisories/24566 http://osvdb.org/33787 http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0583.html http://osvdb.org/33788 https://exchange.xforce.ibmcloud.com/vulnerabilities/32703 http://www.securityfocus.com/archive/1/461351/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437085 https://nvd.nist.gov https://www.exploit-db.com/exploits/29682/

CVE-2007-1244

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect