Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0193Cross-site Scripting in Wordpress

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
1.9%
top 16.91%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedJan 10
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 2.1.0-1 (bookworm)
Debianwordpress/wordpress< 2.1.0-1+3
NVDwordpress/wordpress2.0.11+14

🔴Vulnerability Details

2
GHSA
GHSA-2q33-97fp-mrjr: Cross-site scripting (XSS) vulnerability in wp-db-backup2022-05-01
OSV
CVE-2008-0193: Cross-site scripting (XSS) vulnerability in wp-db-backup2008-01-10

💥Exploits & PoCs

1
Exploit-DB
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting2008-01-03

📋Vendor Advisories

1
Debian
CVE-2008-0193: wordpress - Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11...2008
CVE-2008-0193 — Cross-site Scripting in Wordpress | cvebase