CVE-2007-4893
Published: Sep 14, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
wp-admin/admin-functions.php in WordPress before 2.2.3 and WordPress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://trac.wordpress.org/ticket/4720 | x_refsource_CONFIRM |
| ADV-2007-3132 | vdb-entry, x_refsource_VUPEN |
| FEDORA-2007-2143 | vendor-advisory, x_refsource_FEDORA |
| wordpress-wordpressmu-unfilteredhtml-xss(36576) | vdb-entry, x_refsource_XF |
| http://wordpress.org/development/2007/09/wordpress-223/ | x_refsource_CONFIRM |
| 26771 | third-party-advisory, x_refsource_SECUNIA |
| 25639 | vdb-entry, x_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=285831 | x_refsource_MISC |
| 26796 | third-party-advisory, x_refsource_SECUNIA |