Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme prior to 20070607 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
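The general pattern behind this class of bug, as an added illustration that is not the AndyBlue theme's code (the page does not show searchform.php): a search form whose `action` is built from `$_SERVER['PHP_SELF']`, beside two hardened variants. That the theme used PHP_SELF in the form action is an assumption, and the function names, `$siteUrl` and the sample request path are constructed for this example.

```php
<?php
// Constructed illustration, NOT the theme's actual searchform.php.

// Vulnerable pattern: PHP_SELF carries any path info the client appends after
// index.php, so echoing it unescaped copies request data into the markup.
function render_form_vulnerable(array $server): string
{
    return '<form method="get" id="searchform" action="' . $server['PHP_SELF'] . '">'
         . '<input type="text" name="s" id="s" /></form>';
}

// Hardened, preferred: never reflect the request path. Build the action from a
// configured site URL (hypothetical $siteUrl) and encode it for the attribute.
// In current WordPress the equivalent is esc_url( home_url( '/' ) ).
function render_form_fixed_url(string $siteUrl): string
{
    $action = htmlspecialchars(rtrim($siteUrl, '/') . '/', ENT_QUOTES, 'UTF-8');
    return '<form method="get" id="searchform" action="' . $action . '">'
         . '<input type="text" name="s" id="s" /></form>';
}

// Hardened, fallback: if the path must be reflected, encode it on output so
// quotes and angle brackets cannot close the attribute or open a tag.
function render_form_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="get" id="searchform" action="' . $action . '">'
         . '<input type="text" name="s" id="s" /></form>';
}

// True when the request-supplied markup reached the page as live HTML.
function markup_reflected(string $html, string $marker): bool
{
    return strpos($html, $marker) !== false;
}

// Constructed request: extra path info with a harmless marker element.
$marker = '<i>marker</i>';
$server = ['PHP_SELF' => '/index.php/">' . $marker];

$variants = [
    'vulnerable' => render_form_vulnerable($server),
    'fixed_url'  => render_form_fixed_url('https://blog.example'),
    'escaped'    => render_form_escaped($server),
];
foreach ($variants as $name => $html) {
    printf("%-10s reflected=%s\n", $name, var_export(markup_reflected($html, $marker), true));
}
```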
Vulnerable Product |
---|
wordpress wordpress 2.2 |