Unrated severityNVD Advisory· Published Oct 5, 2007· Updated Apr 23, 2026

CVE-2007-5229

Description

Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.

Affected products

Feedburner/Feedsmith
cpe:2.3:a:feedburner:feedsmith:2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27055nvdPatchVendor Advisory
blogsecurity.net/wordpress/feedburner-feed-hijacking/nvdExploit
marc.infonvdExploit
blogs.feedburner.com/feedburner/archives/2007/10/the_feedsmith_plugin_newly_for.phpnvd
blogsecurity.net/wordpress/feedsmith-feedburner-vulnerability-fixed/nvd
www.securityfocus.com/bid/25921nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36940nvd
www.exploit-db.com/exploits/30637/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000