Wordpress : Security Vulnerabilities, CVEs, Published In June 2007 (XSS)
Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.
Max CVSS
4.3
EPSS Score
0.27%
Published
2007-06-15
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
Max CVSS
4.3
EPSS Score
0.80%
Published
2007-06-15
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
Max CVSS
4.3
EPSS Score
4.93%
Published
2007-06-15
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
Max CVSS
6.0
EPSS Score
0.53%
Published
2007-06-15
Updated
2018-10-16
4 vulnerabilities found