CVE-2007-4482

WordPress Pool 1.0.7 - Cross-Site Scripting via PATH_INFO

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4482. PoCs published by MustLive.

AI-analyzed exploit summary The provided code is a writeup describing a cross-site scripting (XSS) vulnerability in WordPress Pool. It includes a proof-of-concept URL demonstrating how arbitrary script code can be executed in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

Exploits (1)

exploitdb WRITEUP VERIFIED
by MustLive · textwebappsphp
https://www.exploit-db.com/exploits/30520

The provided code is a writeup describing a cross-site scripting (XSS) vulnerability in WordPress Pool. It includes a proof-of-concept URL demonstrating how arbitrary script code can be executed in the context of the affected site.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WordPress Pool (version not specified)
No auth needed
Prerequisites: Access to a vulnerable WordPress Pool installation
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477253/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37299
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26563
Various Sources x_refsource_misc
http://websecurity.com.ua/1238/
Various Sources x_refsource_misc
http://securityvulns.ru/Rdocument771.html

Scores

EPSS 0.0093
EPSS Percentile 76.3%

Details

Status published
Products (1)
wordpress/pool 1.0.7
Published Aug 22, 2007
Tracked Since Feb 18, 2026