Vulnerability Description
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | All versions |
References
- http://osvdb.org/37296
- http://securityreason.com/securityalert/2694
- http://www.securityfocus.com/archive/1/467360/100/0/threaded
- http://osvdb.org/37296
- http://securityreason.com/securityalert/2694
- http://www.securityfocus.com/archive/1/467360/100/0/threaded
FAQ
What is CVE-2007-2627?
CVE-2007-2627 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query...
How severe is CVE-2007-2627?
CVE-2007-2627 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2627?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.