Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1244Cross-site Scripting in Wordpress

7 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
8.0%
top 7.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedMar 3
Latest updateMay 1

Description

Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

debiandebian/wordpress< wordpress 2.1.2-1 (bookworm)
Debianwordpress/wordpress< 2.1.2-1+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-pj8j-hmc8-6q85: Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 22022-05-01
OSV
CVE-2007-1244: Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 22007-03-03

💥Exploits & PoCs

2
Exploit-DB
Barcodewiz ActiveX Control 2.0 - 'Barcodewiz.dll' Remote Buffer Overflow (PoC)2007-05-09
Exploit-DB
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting2007-02-26

📋Vendor Advisories

1
Debian
CVE-2007-1244: wordpress - Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2...2007

💬Community

1
Bugzilla
CVE-2007-1244: wordpress 2.1.1 (others?) CSRF2007-03-04
CVE-2007-1244 — Cross-site Scripting in Wordpress | cvebase