Cross-Site Scripting Vulnerability in WordPress Multi-User
CVE-2007-4544

Currently unrated

Key Information:

Vendor: Wordpress
Status: WordPress Mu
Vendor: CVE Published:; 27 August 2007

Summary

The XSS vulnerability in WordPress Multi-User (MU) 1.0 and earlier allows remote attackers to exploit the weblog_id parameter in wp-newblog.php. This flaw enables the injection of arbitrary HTML or web scripts, potentially compromising the integrity of the affected site and its users. Administrators should implement measures to mitigate this risk and ensure system security.

References

http://www.securityfocus.com/archive/1/482006/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securityvulns.ru/Rdocument875.html

x_refsource_MISC

http://websecurity.com.ua/1269/

x_refsource_MISC

Timeline

Vulnerability published
Aug 27, 2007
Vulnerability Reserved
Aug 27, 2007