CVE-2007-3140

WordPress 2.2 - Authenticated SQL Injection via XML-RPC wp.suggestCategories Method

Title source: llm

Description

SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Slappter · textwebappsphp

https://www.exploit-db.com/exploits/4039

View Code ZIP pw:eip

References (7)

Core 7

Core References

Vendor Advisory vendor-advisory x_refsource_openpkg

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.021.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4039

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25552

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/2099

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/36321

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/34746

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/24344

Scores

EPSS 0.0257

EPSS Percentile 85.7%

Details

Status published

Products (1)

wordpress/wordpress 2.2

Published Jun 08, 2007

Tracked Since Feb 18, 2026