Unrated severityNVD Advisory· Published Jul 3, 2007· Updated Jun 16, 2026
CVE-2007-3543
CVE-2007-3543
Description
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=2.2.0
- cpe:2.3:a:wordpress:wordpress_mu:*:*:*:*:*:*:*:*range: <=1.2.2
- (no CPE)range: < 2.2.1
- Range: < 1.2.3
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.