CVE-2007-1244 - Cross-Site Scripting vulnerability in WordPress

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, wordpress, nessus, exploit available

Summary

Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.

Exploit-Db

description: Wordpress 2.1.1 Post.PHP Cross-Site Scripting Vulnerability. CVE-2007-1244. Webapps exploit for php platform
id: EDB-ID:29682
last seen: 2016-02-03
modified: 2007-02-26
published: 2007-02-26
reporter: Samenspender
source: https://www.exploit-db.com/download/29682/
title: WordPress 2.1.1 - Post.PHP Cross-Site Scripting Vulnerability

Nessus

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200703-23.NASL
description: The remote host is affected by the vulnerability described in GLSA-200703-23 (WordPress: Multiple vulnerabilities) WordPress contains cross-site scripting or cross-site scripting forgery vulnerabilities reported by: g30rg3_x in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24889
published: 2007-03-26
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/24889
title: GLSA-200703-23 : WordPress: Multiple vulnerabilities