Description
Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35821
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25215
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26321
Various Sources x_refsource_confirm
http://xuyiyang.com/2007/06/29/unnamed-1-217/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36604
Scores
EPSS
0.0070
EPSS Percentile
72.2%
Details
Status
published
Products (2)
wordpress/unamed_theme
1.217
wordpress/unamed_theme_se
1.02
Published
Aug 07, 2007
Tracked Since
Feb 18, 2026