Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3233Cross-site Scripting in Wordpress

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 35.36%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedJul 18
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDwordpress/wordpress2.5.1+53

🔴Vulnerability Details

1
GHSA
GHSA-v4ff-vj6q-v2w9: Cross-site scripting (XSS) vulnerability in WordPress before 22022-05-01

💥Exploits & PoCs

1
Exploit-DB
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities2008-07-15

📋Vendor Advisories

1
Debian
CVE-2008-3233: wordpress - Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN developmen...2008
CVE-2008-3233 — Cross-site Scripting in Wordpress | cvebase