Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Improper Input Validation Vulnerability (CVE-2007-1277)

Description

WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.

Remediation

References

Related Vulnerabilities

MySQL CVE-2020-2752 Vulnerability (CVE-2020-2752)

WordPress Plugin Livemesh Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (6.7.1)

ownCloud CVE-2022-43679 Vulnerability (CVE-2022-43679)

WordPress Plugin Blue Wrench Video Widget Cross-Site Scripting (2.1.0)

WordPress Plugin Manage Calameo Publications by Athlon Cross-Site Scripting (1.1.0)

Severity

High

Classification

CVE-2007-1277 CWE-20

Tags

Missing Update Known Vulnerabilities