Cross-Site Scripting Vulnerability in WordPress Themes from Vendor
CVE-2007-4014
Currently unrated
Summary
A cross-site scripting (XSS) vulnerability exists in the index.php script of specific WordPress themes, including Blix version 0.9.1, Blixed version 1.0, and BlixKrieg version 2.2. The flaw allows remote attackers to inject arbitrary script or HTML via the 's' parameter, potentially leading to unauthorized actions on behalf of users or the compromise of sensitive data. Users of these themes should apply the necessary security patches and consider updating or switching to an alternative theme.