Description

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.

Remediation

References

CVE-2007-2627

Related Vulnerabilities

WordPress Plugin Code Insert Manager (Q2W3 Inc Manager) ZeroClipboard Cross-Site Scripting (2.3.1)

WordPress Plugin Launcher:Coming Soon & Maintenance Mode Cross-Site Scripting (1.0.10)

Oracle Database Server Improper Input Validation Vulnerability (CVE-2018-1000873)

WordPress Plugin Video Embed SQL Injection (1.0)

RubyGems Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-8325)

Severity

Medium

Classification

CVE-2007-2627

Tags

Missing Update Known Vulnerabilities