4.3
CVE-2007-4893
- EPSS 1.52%
- Veröffentlicht 14.09.2007 18:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:57
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core <= 2.2.2 - Cross-Site Scripting
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.2.3, or a newer patched version
WordPress MU: Update to version 1.2.5a, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
*-2.2.2
SystemWordPress Core
≫
Produkt
WordPress MU
Version
[*, 1.2.5a)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.52% | 0.713 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://fedoranews.org/updates/FEDORA-2007-214.shtml
http://secunia.com/advisories/26771
http://secunia.com/advisories/26796
http://trac.wordpress.org/ticket/4720
http://wordpress.org/development/2007/09/wordpress-223/
http://www.securityfocus.com/bid/25639
http://www.vupen.com/english/advisories/2007/3132
https://bugzilla.redhat.com/show_bug.cgi?id=285831
https://exchange.xforce.ibmcloud.com/vulnerabilities/36576
https://www.wordfence.com/threat-intel/vulnerabilities/id/26daa367-ef73-4ae0-843e-6d5366cc4ecd