VYPR
Unrated severityNVD Advisory· Published Jan 13, 2007· Updated Jun 16, 2026

CVE-2007-0233

CVE-2007-0233

Description

wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

20
  • WordPress/WordPress20 versions
    cpe:2.3:a:wordpress:wordpress:0.6.2.1:beta_2:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:wordpress:wordpress:0.6.2.1:beta_2:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:0.6.2:beta_2:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*
    • (no CPE)range: <=2.0.6

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.