cbcvebase.
CVE-2007-3543
published 2007-07-03

Priority: P4 / 30 / medium
CVSS 2.0: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
EPSS: 1.65% (73.6th percentile)

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.

Affected

12 ranges

Vendor | Product | Version range | Fixed in
debian | wordpress | < wordpress 2.2.1-1 (bookworm) | wordpress 2.2.1-1 (bookworm)
debian | wordpress | < wordpress 2.2.2-1 (bookworm) | wordpress 2.2.2-1 (bookworm)
wordpress | wordpress | <= 2.2.0 | -
wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1
wordpress | wordpress | >= 0 < 2.2.1-1 | 2.2.1-1
wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1
wordpress | wordpress | >= 0 < 2.2.1-1 | 2.2.1-1
wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1
wordpress | wordpress | >= 0 < 2.2.1-1 | 2.2.1-1
wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1
wordpress | wordpress | >= 0 < 2.2.1-1 | 2.2.1-1
wordpress | wordpress_mu | <= 1.2.2 | -

CVSS provenance

nvd: v2.0, 6.0 MEDIUM, AV:N/AC:M/Au:S/C:P/I:P/A:P
osv: 6.0 MEDIUM
vendor_debian: 6.0 MEDIUM