VYPR

WordPress multi-user

by WordPress

CVEs (2)

  • CVE-2007-4893Sep 14, 2007
    risk 0.00cvss epss 0.02

    wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2)…

  • CVE-2007-4894Sep 14, 2007
    risk 0.00cvss epss 0.04

    Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other…