4.3
CVE-2007-1622
- EPSS 5.78%
- Veröffentlicht 23.03.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core <= 2.1.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 2.0.10, 2.1.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
*-2.0.9
Version
2.1-2.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.78% | 0.921 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/24567
http://secunia.com/advisories/25108
http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006
http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt
http://www.debian.org/security/2007/dsa-1285
http://www.securityfocus.com/bid/23027
http://www.vupen.com/english/advisories/2007/1005
https://www.wordfence.com/threat-intel/vulnerabilities/id/a6074c97-619d-4f47-97c7-781c7a38019d