CVE-2007-1622: XSS
First published: Fri Mar 23 2007(Updated: )
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress | =2.0 | |
| WordPress | =2.0.1 | |
| WordPress | =2.0.2 | |
| WordPress | =2.0.3 | |
| WordPress | =2.0.4 | |
| WordPress | =2.0.5 | |
| WordPress | =2.0.6 | |
| WordPress | =2.0.7 | |
| WordPress | =2.0.10 | |
| WordPress | =2.0.10_rc1 | |
| WordPress | =2.1 | |
| WordPress | =2.1.1 | |
| WordPress | =2.1.2 | |
| WordPress | =2.1.3_rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/24567
- http://secunia.com/advisories/25108
- http://sla.ckers.org/forum/read.php?2,7935#msg-8006
- http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt
- http://www.debian.org/security/2007/dsa-1285
- http://www.securityfocus.com/bid/23027
- http://www.vupen.com/english/advisories/2007/1005
- http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006
Frequently Asked Questions
What is the severity of CVE-2007-1622?
CVE-2007-1622 has a medium severity rating due to its impact on the security of WordPress admin interface.
How do I fix CVE-2007-1622?
To fix CVE-2007-1622, upgrade WordPress to version 2.0.10 or later, or 2.1.3 RC2 or later.
What type of vulnerability is CVE-2007-1622?
CVE-2007-1622 is a cross-site scripting (XSS) vulnerability affecting WordPress.
Who is affected by CVE-2007-1622?
Remote authenticated users with theme privileges in WordPress prior to the patched versions are affected by CVE-2007-1622.
What versions of WordPress are affected by CVE-2007-1622?
WordPress versions prior to 2.0.10 and 2.1.3 RC2 are affected by CVE-2007-1622.
- agent/author
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/wordpress
- canonical/wordpress
- version/wordpress/2.0
- version/wordpress/2.0.1
- version/wordpress/2.0.2
- version/wordpress/2.0.3
- version/wordpress/2.0.4
- version/wordpress/2.0.5
- version/wordpress/2.0.6
- version/wordpress/2.0.7
- version/wordpress/2.0.10
- version/wordpress/2.0.10_rc1
- version/wordpress/2.1
- version/wordpress/2.1.1
- version/wordpress/2.1.2
- version/wordpress/2.1.3_rc1