CVE-2007-1897
Wordpress < 2.1.2 - SQL Injection
Title source: ruleDescription
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Sumit Siddharth · perlwebappsphp
https://www.exploit-db.com/exploits/3656
References (8)
Scores
EPSS
0.0259
EPSS Percentile
85.6%
Details
CWE
CWE-89
Status
published
Products (3)
wordpress/wordpress
2.1
wordpress/wordpress
2.1.1
wordpress/wordpress
< 2.1.2
Published
Apr 09, 2007
Tracked Since
Feb 18, 2026