Description
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2015-6832)
Oracle JRE CVE-2012-5074 Vulnerability (CVE-2012-5074)
WordPress Plugin HTML5 Maps Cross-Site Request Forgery (1.6.5.6)
WordPress Plugin Simple Yearly Archive Cross-Site Scripting (2.1.8)
WordPress Plugin WordPress WP-Advanced-Search Remote Code Execution (3.3.3)