First published: Fri Sep 14 2007(Updated: )
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress WordPress | =2.0 | |
WordPress WordPress | =2.1.1 | |
WordPress WordPress | =2.1.3_rc2 | |
WordPress WordPress | =2.0.2 | |
WordPress WordPress | =2.0.10_rc1 | |
WordPress WordPress | =2.0.6 | |
WordPress WordPress | =2.0.1 | |
WordPress WordPress | =2.0.4 | |
WordPress WordPress | =2.2_revision5003 | |
WordPress WordPress | =0.6.2.1 | |
WordPress WordPress | =2.2 | |
WordPress WordPress | =1.2.1 | |
WordPress WordPress | =0.7 | |
WordPress WordPress | =2.1.3 | |
WordPress WordPress | =2.0.7 | |
WordPress WordPress | =2.1.2 | |
WordPress WordPress | =0.71 | |
WordPress WordPress | =2.0.5 | |
WordPress WordPress | =0.6.2 | |
WordPress WordPress | =2.2.2 | |
WordPress WordPress | =2.2.1 | |
WordPress WordPress | =2.0.10_rc2 | |
WordPress WordPress | =2.0.3 | |
WordPress WordPress | =1.5.1.2 | |
WordPress WordPress | =1.2 | |
WordPress WordPress | =2.1.3_rc1 | |
WordPress WordPress | =1.2.2 | |
WordPress WordPress | =1.5 | |
WordPress WordPress | =1.5.1 | |
WordPress WordPress | =1.5.1.3 | |
WordPress WordPress | =2.2_revision5002 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.