Unrated severityNVD Advisory· Published Feb 16, 2006· Updated Jun 16, 2026

CVE-2006-0733

Description

Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/WordPress2 versions
cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
- (no CPE)range: =2.0.0
Package: https://wordpress.org/plugins/wordpress

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.htmlnvdExploitVendor Advisory
www.securityfocus.com/bid/16656nvdExploit
www.securityfocus.com/archive/1/425043/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/24736nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000