Description
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Juan Galiana Lara · text · webapps · php
https://www.exploit-db.com/exploits/8196
References (6)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34075
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021838
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49184
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501667/100/0/threaded
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=126996727024732&w=2
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8196
Scores
EPSS
0.0178
EPSS Percentile
82.8%
Details
CWE
CWE-79
Status
published
Products (21)
wordpress/wordpress_mu
1.0 (5 CPE variants)
wordpress/wordpress_mu
1.1
wordpress/wordpress_mu
1.1.1
wordpress/wordpress_mu
1.2
wordpress/wordpress_mu
1.2.1
wordpress/wordpress_mu
1.2.2
wordpress/wordpress_mu
1.2.3
wordpress/wordpress_mu
1.2.4 (2 CPE variants)
wordpress/wordpress_mu
1.2.5a
wordpress/wordpress_mu
1.3
... and 11 more
Published
Mar 20, 2009
Tracked Since
Feb 18, 2026