Description

Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.

Remediation

References

CVE-2007-3240

Related Vulnerabilities

WordPress Plugin WebP Express Unspecified Vulnerability (0.14.21)

IBMHttpServer Other Vulnerability (CVE-2004-1082)

osTicket Other Vulnerability (CVE-2005-1439)

WordPress Plugin WP Statistics SQL Injection (12.0.7)

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-12459)

Severity

Medium

Classification

CVE-2007-3240

Tags

Missing Update Known Vulnerabilities