Unrated severityNVD Advisory· Published Sep 14, 2007· Updated Apr 23, 2026
CVE-2007-4894
CVE-2007-4894
Description
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
Affected products
31cpe:2.3:a:wordpress:wordpress:0.6.2:*:*:*:*:*:*:*+ 30 more
- cpe:2.3:a:wordpress:wordpress:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:0.6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.10_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.1.3_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.2_revision5002:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.2_revision5003:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- wordpress.org/development/2007/09/wordpress-223/nvdPatch
- secunia.com/advisories/26771nvdVendor Advisory
- secunia.com/advisories/26796nvdVendor Advisory
- fedoranews.org/updates/FEDORA-2007-214.shtmlnvd
- trac.wordpress.org/ticket/4770nvd
- www.buayacorp.com/files/wordpress/wordpress-sql-injection-advisory.htmlnvd
- www.vupen.com/english/advisories/2007/3132nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/36578nvd
News mentions
0No linked articles in our index yet.