CVE-2007-4544Cross-Site Request Forgery in Wordpress MU

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 63.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wordpress MU
Timeline
PublishedAug 27
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-3v25-95xx-r27w: Cross-site scripting (XSS) vulnerability in wp-newblog2022-05-01

💥Exploits & PoCs

1
Exploit-DB
Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation2007-01-29
CVE-2007-4544 — Cross-Site Request Forgery in Wordpress | cvebase