4.3
CVSSv2

CVE-2007-1622

Published: 23/03/2007 Updated: 21/11/2024

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress prior to 2.0.10 RC2, and prior to 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress 2.0

wordpress wordpress 2.0.1

wordpress wordpress 2.0.2

wordpress wordpress 2.0.3

wordpress wordpress 2.0.4

wordpress wordpress 2.0.5

wordpress wordpress 2.0.6

wordpress wordpress 2.0.7

wordpress wordpress 2.0.10

wordpress wordpress 2.0.10 rc1

wordpress wordpress 2.1

wordpress wordpress 2.1.1

wordpress wordpress 2.1.2

wordpress wordpress 2.1.3 rc1

Vendor Advisories

Debian Bug report logs - #437085 CVE-2007-1599: wp-loginphp allows remote attackers to redirect authenticated users to other websites Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@sko ...
CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/varsphp in WordPress before 2010 RC2, and before 213 RC2 in the 21 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression ...

Exploits

source: wwwsecurityfocuscom/bid/23027/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user This may help the attacker steal cookie-based authentica ...