Vulnerabilities

CVE-2007-4893

by Fred · 14/09/2007

wp-admin/admin-functions.php in WordPress before 2.2.3 and WordPress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.

Date published : 2007-09-14

http://www.securityfocus.com/bid/25639

http://trac.wordpress.org/ticket/4720

Similar

Tags: Cybersecurity Alert