Published: 09/04/2007 Updated: 29/07/2017

CVSS v2 Base Score: 4.9 | Impact Score: 6.4 | Exploitability Score: 4.4

VMScore: 436

Vector: AV:A/AC:M/Au:S/C:P/I:P/A:P

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress

CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/varsphp in WordPress before 2010 RC2, and before 213 RC2 in the 21 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression ...

CWE-264 http://www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues/http://trac.wordpress.org/ticket/4091 http://secunia.com/advisories/24751 http://www.debian.org/security/2007/dsa-1285 http://secunia.com/advisories/25108 http://www.vupen.com/english/advisories/2007/1245 https://exchange.xforce.ibmcloud.com/vulnerabilities/33470 https://nvd.nist.gov https://www.debian.org/security/./dsa-1285

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-1893

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect