CVE-2007-4483
Description
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WordPress Classic 1.5 theme fails to sanitize PATH_INFO (PHP_SELF), enabling reflected XSS before WP 2.1.3.
Vulnerability
The WordPress Classic 1.5 theme for WordPress prior to version 2.1.3 contains a reflected cross-site scripting (XSS) vulnerability in index.php. The issue stems from insufficient filtering of the request's PATH_INFO, which PHP includes in the PHP_SELF variable. When the server passes user-supplied path information to the script and the script outputs it without proper sanitization, an attacker can inject arbitrary HTML or JavaScript. Affected versions of WordPress are those below 2.1.3 that use the Classic 1.5 theme [1].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious URL that includes encoded script payloads in the path segment, such as http://site/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E. No authentication or special network position is required; the victim simply needs to visit the crafted link. The PHP_SELF value in the theme is echoed without proper sanitization, allowing the attacker's script to execute in the victim's browser context within the affected site's domain [1].
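The pattern described above, as an added illustration that is not the Classic theme's actual code: a constructed PHP script that writes PHP_SELF into a form's action attribute, next to a version that encodes it on output. The function names and the search form are hypothetical; the sample value is the decoded path from the URL quoted above.

```php
<?php
// Constructed illustration; not code from WordPress or the Classic theme.
// PHP builds $_SERVER['PHP_SELF'] from the script name plus any PATH_INFO
// that follows it, so the value is attacker-influenced request data.

// Vulnerable pattern: PHP_SELF written into an attribute with no encoding.
// A double quote in the path closes the attribute, and the remainder is
// parsed by the browser as markup.
function render_form_unsafe(string $phpSelf): string
{
    return '<form method="get" action="' . $phpSelf . '">'
         . '<input type="text" name="s" /></form>';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; the charset is stated explicitly.
function render_form_safe(string $phpSelf): string
{
    $action = htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8');
    return '<form method="get" action="' . $action . '">'
         . '<input type="text" name="s" /></form>';
}

// True when a raw script tag survives into the generated markup.
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Sample value: the path portion of the URL above, after URL decoding.
// In a real request this would come from $_SERVER['PHP_SELF'].
$sample = '/index.php/"><script>alert(document.cookie)</script>';

$variants = [
    'unsafe' => render_form_unsafe($sample),
    'safe'   => render_form_safe($sample),
];

foreach ($variants as $name => $html) {
    echo $name, ': ', $html, PHP_EOL;
    echo '  raw <script> in output: ',
         contains_raw_script($html) ? 'yes' : 'no', PHP_EOL;
}
```

Run from the command line with `php`, the two outputs can be compared directly: only the encoded variant keeps the path inside the attribute value as inert text.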
Impact
Successful exploitation enables an attacker to inject arbitrary web script or HTML, leading to reflected cross-site scripting. The attacker can hijack victim sessions, steal cookies, deface pages, or perform other actions that the victim's browser can execute on the target WordPress site. The impact is limited to the browser session of the victim user [1].
Mitigation
WordPress versions 2.1.3 and later have fixed this XSS vulnerability in the Classic theme [1]. Users should upgrade to WordPress 2.1.3 or a newer release. No other workarounds are documented in the available references [1]. The CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- cpe:2.3:a:wordpress:wordpressclassic:1.5:*:*:*:*:*:*:*