CVE-2006-0733

WordPress 2.0.0 - Stored Cross-Site Scripting via Author Website Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0733. PoCs published by imei.

AI-analyzed exploit summary: The provided text describes an HTML injection vulnerability in WordPress 2.0.0, where attacker-supplied HTML and script code can be executed in the context of the affected website. An example payload is included to demonstrate the vulnerability.

Description

Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability.

Exploits (1)

exploitdb WRITEUP VERIFIED
by imei · text · webapps · php
https://www.exploit-db.com/exploits/27227


Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: WordPress 2.0.0
No auth needed
Prerequisites: Access to a vulnerable WordPress installation
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24736
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16656
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425043/100/0/threaded

Scores

EPSS 0.0472
EPSS Percentile 90.7%

Details

Status published
Products (1)
wordpress/wordpress 2.0
Published Feb 16, 2006
Tracked Since Feb 18, 2026