Unrated severityNVD Advisory· Published May 11, 2007· Updated Jun 16, 2026
CVE-2007-2627
CVE-2007-2627
Description
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
- (no CPE)
- osv-coords4 versionspkg:apk/chainguard/wordpresspkg:apk/chainguard/wordpress-oci-entrypointpkg:apk/wolfi/wordpresspkg:apk/wolfi/wordpress-oci-entrypoint
< 0+ 3 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.