CVE-2007-4153
WordPress 2.2.1 - Authenticated Stored Cross-Site Scripting via Admin Panel Options Database Table or OPML URL Import
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
References (8)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/35722
Product (x_refsource_misc): http://codex.wordpress.org/Roles_and_Capabilities
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/30013
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/35720
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/46995
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2008/dsa-1564
Exploit (x_refsource_misc): http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/46994
Scores
EPSS: 0.0050
EPSS Percentile: 66.0%
Details
Status: published
Products (1): wordpress/wordpress 2.2.1
Published: Aug 03, 2007
Tracked Since: Feb 18, 2026