CVE-2007-0106 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

OR	cpe:2.3:a:wordpress:wordpress:2.0:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.4:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.5:::::::*

No data.

References

Link	Providers
http://osvdb.org/33397
http://secunia.com/advisories/23595
http://securityreason.com/securityalert/2114
http://wordpress.org/development/2007/01/wordpress-206/
http://www.hardened-php.net/advisory_012007.140.html
http://www.securityfocus.com/archive/1/456048/100/0/threaded
http://www.securityfocus.com/bid/21893
http://www.vupen.com/english/advisories/2007/0061

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-09T00:00:00

Updated: 2024-08-07T12:03:37.057Z

Reserved: 2007-01-08T00:00:00

Link: CVE-2007-0106

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-09T00:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0106

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2114", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2114"}, {"name": "20070105 Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/456048/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wordpress.org/development/2007/01/wordpress-206/"}, {"name": "23595", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23595"}, {"name": "33397", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33397"}, {"name": "ADV-2007-0061", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0061"}, {"name": "21893", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21893"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hardened-php.net/advisory_012007.140.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0106", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2114", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2114"}, {"name": "20070105 Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456048/100/0/threaded"}, {"name": "http://wordpress.org/development/2007/01/wordpress-206/", "refsource": "CONFIRM", "url": "http://wordpress.org/development/2007/01/wordpress-206/"}, {"name": "23595", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23595"}, {"name": "33397", "refsource": "OSVDB", "url": "http://osvdb.org/33397"}, {"name": "ADV-2007-0061", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0061"}, {"name": "21893", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21893"}, {"name": "http://www.hardened-php.net/advisory_012007.140.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_012007.140.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:03:37.057Z"}, "title": "CVE Program Container", "references": [{"name": "2114", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2114"}, {"name": "20070105 Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/456048/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wordpress.org/development/2007/01/wordpress-206/"}, {"name": "23595", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23595"}, {"name": "33397", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33397"}, {"name": "ADV-2007-0061", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0061"}, {"name": "21893", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21893"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hardened-php.net/advisory_012007.140.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0106", "datePublished": "2007-01-09T00:00:00", "dateReserved": "2007-01-08T00:00:00", "dateUpdated": "2024-08-07T12:03:37.057Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDCFE9AA-39E9-4366-AAB7-F7A891BC797E", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAF4671A-8449-438E-922B-94E5542137BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "92F05A1F-2227-4166-807B-1BDE2EA8F245", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73E23-7CD0-429C-986B-5F721F1696BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EECE66B3-3696-4E98-AF63-DF2FB256A6FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E75BB382-6B47-4C6A-BF94-80443BEB1A23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el esquema de protecci\u00f3n ante CSRF de WordPress anterior a 2.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante un ataque CSRF con un token inv\u00e1lido y comillas o etiquetas HTML en los nombres de variable de la URL, que no son manejados adecuadamente cuando WordPress genera un nuevo enlace para verificar la petici\u00f3n."}], "id": "CVE-2007-0106", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-01-09T00:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33397"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23595"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2114"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://wordpress.org/development/2007/01/wordpress-206/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.hardened-php.net/advisory_012007.140.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456048/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/21893"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23595"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://wordpress.org/development/2007/01/wordpress-206/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.hardened-php.net/advisory_012007.140.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/456048/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/21893"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0061"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}