Unrated severity · NVD Advisory · Published Jan 9, 2007 · Updated Jun 16, 2026
CVE-2007-0106
Description
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.
Affected products
- cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
- (no CPE) range: <2.0.6
References
- wordpress.org/development/2007/01/wordpress-206/ (nvd; Patch, Vendor Advisory)
- www.securityfocus.com/bid/21893 (nvd; Patch, Vendor Advisory)
- secunia.com/advisories/23595 (nvd; Vendor Advisory)
- www.hardened-php.net/advisory_012007.140.html (nvd; Vendor Advisory)
- osvdb.org/33397 (nvd)
- securityreason.com/securityalert/2114 (nvd)
- www.securityfocus.com/archive/1/456048/100/0/threaded (nvd)
- www.vupen.com/english/advisories/2007/0061 (nvd)