Description

Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.

Remediation

References

CVE-2007-3240

Related Vulnerabilities

WordPress Plugin Portfolio-WordPress Portfolio Cross-Site Request Forgery (2.8.8)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20281)

MySQL CVE-2021-35627 Vulnerability (CVE-2021-35627)

WordPress Plugin WP Mobile Menu-The Mobile-Friendly Responsive Menu Security Bypass (2.7.2)

concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6905)

Severity

Medium

Classification

CVE-2007-3240

Tags

Missing Update Known Vulnerabilities