Vulnerabilities > CVE-2007-4482 - Cross-Site Scripting vulnerability in Wordpress Pool 1.0.7

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

wordpress

exploit available

NVD

Published: 2007-08-22

Updated: 2018-10-15

Summary

Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

Vulnerable Configurations

Part	Description	Count
Application	Wordpress Wordpress Pool 1.0.7	1

Exploit-Db

description	WordPress 1.0.7 Pool Index.PHP Cross-Site Scripting Vulnerability. CVE-2007-4482. Webapps exploit for php platform
id	EDB-ID:30520
last seen	2016-02-03
modified	2007-08-13
published	2007-08-13
reporter	MustLive
source	https://www.exploit-db.com/download/30520/
title	WordPress 1.0.7 - Pool Index.PHP Cross-Site Scripting Vulnerability

References

http://osvdb.org/37299
http://secunia.com/advisories/26563
http://securityvulns.ru/Rdocument771.html
http://websecurity.com.ua/1238/
http://www.securityfocus.com/archive/1/477253/100/0/threaded