Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0192Cross-site Scripting in Wordpress

CWE-79Cross-site Scripting6 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
2.3%
top 15.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedJan 10
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 2.0.10-1 (bookworm)
Debianwordpress/wordpress< 2.0.10-1+3

🔴Vulnerability Details

2
GHSA
GHSA-x464-mxc2-8xw5: Multiple cross-site scripting (XSS) vulnerabilities in WordPress 22022-05-01
OSV
CVE-2008-0192: Multiple cross-site scripting (XSS) vulnerabilities in WordPress 22008-01-10

💥Exploits & PoCs

2
Exploit-DB
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting2008-01-03
Exploit-DB
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting2008-01-03

📋Vendor Advisories

1
Debian
CVE-2008-0192: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earli...2008
CVE-2008-0192 — Cross-site Scripting in Wordpress | cvebase