Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4671Cross-site Scripting in Wordpress MU

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.8%
top 25.69%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Wordpress MUDebian Wordpress
Timeline
PublishedOct 22
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDwordpress/wordpress_mu5 versions+4

🔴Vulnerability Details

1
GHSA
GHSA-ch2p-249c-2vf6: Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs2022-05-17

💥Exploits & PoCs

1
Exploit-DB
WordPress MU 1.2/1.3 - '/wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities2008-09-29

📋Vendor Advisories

1
Debian
CVE-2008-4671: wordpress - Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress M...2008
CVE-2008-4671 — Cross-site Scripting in Wordpress MU | cvebase