Description

Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.

Remediation

References

CVE-2007-1894

Related Vulnerabilities

WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.8.5.8)

Oracle JRE CVE-2013-5788 Vulnerability (CVE-2013-5788)

WordPress Cookies Security Bypass Weakness (1.5 - 2.3.1)

Oracle Database Server Other Vulnerability (CVE-2001-0942)

WordPress Plugin 4k Icons for Visual Composer-Free Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2007-1894

Tags

Missing Update Known Vulnerabilities