CVE-2007-4893

Published: Sep 14, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.

Affected (31)

Products: Wordpress: Wordpress

Wordpress

1 product

Wordpress

Configuration A

31 vulnerable

Vulnerable Software	Affected Versions
Wordpress Wordpress	Version 0.6.2.1
Wordpress Wordpress	Version 0.6.2
Wordpress Wordpress	Version 0.71
Wordpress Wordpress	Version 0.7
Wordpress Wordpress	Version 1.2.1
Wordpress Wordpress	Version 1.2.2
Wordpress Wordpress	Version 1.2
Wordpress Wordpress	Version 1.5.1.2
Wordpress Wordpress	Version 1.5.1.3
Wordpress Wordpress	Version 1.5.1
Wordpress Wordpress	Version 1.5
Wordpress Wordpress	Version 2.0.10_rc1
Wordpress Wordpress	Version 2.0.10_rc2
Wordpress Wordpress	Version 2.0.1
Wordpress Wordpress	Version 2.0.2
Wordpress Wordpress	Version 2.0.3
Wordpress Wordpress	Version 2.0.4
Wordpress Wordpress	Version 2.0.5
Wordpress Wordpress	Version 2.0.6
Wordpress Wordpress	Version 2.0.7
Wordpress Wordpress	Version 2.0
Wordpress Wordpress	Version 2.1.1
Wordpress Wordpress	Version 2.1.2
Wordpress Wordpress	Version 2.1.3
Wordpress Wordpress	Version 2.1.3_rc1
Wordpress Wordpress	Version 2.1.3_rc2
Wordpress Wordpress	Version 2.2.1
Wordpress Wordpress	Version 2.2.2
Wordpress Wordpress	Version 2.2
Wordpress Wordpress	Version 2.2_revision5002
Wordpress Wordpress	Version 2.2_revision5003