Unrated severityNVD Advisory· Published Jul 3, 2007· Updated Jun 16, 2026
CVE-2007-3544
CVE-2007-3544
Description
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=2.2.0
- cpe:2.3:a:wordpress:wordpress_mu:*:*:*:*:*:*:*:*range: <=1.2.2
- (no CPE)range: =2.2.1
- Range: =1.2.3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.