Published: 23/03/2007 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress prior to 2.0.10 RC2, and prior to 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress 2.0
wordpress wordpress 2.1.1
wordpress wordpress 2.0.2
wordpress wordpress 2.1
wordpress wordpress 2.0.10_rc1
wordpress wordpress 2.0.6
wordpress wordpress 2.0.1
wordpress wordpress 2.0.4
wordpress wordpress 2.0.7
wordpress wordpress 2.1.2
wordpress wordpress 2.0.5
wordpress wordpress 2.0.3
wordpress wordpress 2.1.3_rc1
wordpress wordpress 2.0.10

Debian Bug report logs - #437085 CVE-2007-1599: wp-loginphp allows remote attackers to redirect authenticated users to other websites Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@sko ...

CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/varsphp in WordPress before 2010 RC2, and before 213 RC2 in the 21 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression ...

source: wwwsecurityfocuscom/bid/23027/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user This may help the attacker steal cookie-based authentica ...

NVD-CWE-Other http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt http://secunia.com/advisories/24567 http://www.debian.org/security/2007/dsa-1285 http://secunia.com/advisories/25108 http://www.securityfocus.com/bid/23027 http://www.vupen.com/english/advisories/2007/1005 http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437085 https://nvd.nist.gov https://www.exploit-db.com/exploits/29754/https://www.debian.org/security/./dsa-1285

CVE-2007-1622

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect