CVE-2007-1622: Cross-site Scripting in Wordpress

14 documents, 5 sources
Severity
6.8 MEDIUM (NVD)
NVD 6.0 | NVD 4.3 | OSV 4.3
EPSS
3.3%
top 12.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 23
Latest update: May 1

Description

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian | debian/wordpress | < wordpress 2.2.2-1 (bookworm) | +1
Debian | wordpress/wordpress | < 2.2.2-1 | +7
NVD | wordpress/wordpress | 15 versions | +14

Patches

🔴 Vulnerability Details (6)

GHSA | GHSA-vrh3-hvpj-7864: Cross-site scripting (XSS) vulnerability in sidebar | 2022-05-01
GHSA | GHSA-m9f5-gr48-mmfx: Cross-site scripting (XSS) vulnerability in wp-admin/vars | 2022-05-01
GHSA | GHSA-2hmc-pm44-rgw4: Cross-site scripting (XSS) vulnerability in functions | 2022-05-01
OSV | CVE-2007-3238: Cross-site scripting (XSS) vulnerability in functions | 2007-06-15
OSV | CVE-2007-2627: Cross-site scripting (XSS) vulnerability in sidebar | 2007-05-11

📋 Vendor Advisories (3)

Debian | CVE-2007-2627: wordpress - Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custo... | 2007
Debian | CVE-2007-3238: wordpress - Cross-site scripting (XSS) vulnerability in functions.php in the default theme i... | 2007
Debian | CVE-2007-1622: wordpress - Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress befor... | 2007

💬 Community (2)

Bugzilla | CVE-2007-2627: wordpress sidebar.php XSS | 2007-05-12
Bugzilla | CVE-2007-1599, CVE-2007-1622: wordpress vulnerabilities | 2007-03-23