CVE-2007-4893 in WordPressinfo

Summary

wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

09/14/2007

Disclosure

09/14/2007

Moderation

VulDB entry created

Entries

2: VDB-3305

CPE

ready

CWE

CWE-352 (Confirmed)

CVSS

7.3

EPSS

0.01545

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-4893
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-4893
CVE Details	https://www.cvedetails.com/cve/CVE-2007-4893/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!