CVE-2007-3238 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blogsecurity.net/wordpress/news/news-100607-1/
http://codex.wordpress.org/Roles_and_Capabilities
http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/
http://osvdb.org/37293
http://secunia.com/advisories/25541/
http://secunia.com/advisories/29014
http://securityreason.com/securityalert/2807
http://www.debian.org/security/2008/dsa-1502
http://www.securityfocus.com/archive/1/470837/100/0/threaded
http://www.securityfocus.com/bid/25161
http://www.xssnews.com/
https://exchange.xforce.ibmcloud.com/vulnerabilities/34785

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-15T01:00:00

Updated: 2024-08-07T14:05:29.599Z

Reserved: 2007-06-14T00:00:00

Link: CVE-2007-3238

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-06-15T01:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3238

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-1502", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1502"}, {"tags": ["x_refsource_MISC"], "url": "http://codex.wordpress.org/Roles_and_Capabilities"}, {"tags": ["x_refsource_MISC"], "url": "http://blogsecurity.net/wordpress/news/news-100607-1/"}, {"name": "25161", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25161"}, {"name": "wordpress-themes-xss(34785)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34785"}, {"name": "2807", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2807"}, {"tags": ["x_refsource_MISC"], "url": "http://www.xssnews.com/"}, {"name": "37293", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37293"}, {"name": "25541", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25541/"}, {"tags": ["x_refsource_MISC"], "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/"}, {"name": "20070608 Wordpress default theme XSS (admin) and other problems", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/470837/100/0/threaded"}, {"name": "29014", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29014"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1502", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1502"}, {"name": "http://codex.wordpress.org/Roles_and_Capabilities", "refsource": "MISC", "url": "http://codex.wordpress.org/Roles_and_Capabilities"}, {"name": "http://blogsecurity.net/wordpress/news/news-100607-1/", "refsource": "MISC", "url": "http://blogsecurity.net/wordpress/news/news-100607-1/"}, {"name": "25161", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25161"}, {"name": "wordpress-themes-xss(34785)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34785"}, {"name": "2807", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2807"}, {"name": "http://www.xssnews.com/", "refsource": "MISC", "url": "http://www.xssnews.com/"}, {"name": "37293", "refsource": "OSVDB", "url": "http://osvdb.org/37293"}, {"name": "25541", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25541/"}, {"name": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/", "refsource": "MISC", "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/"}, {"name": "20070608 Wordpress default theme XSS (admin) and other problems", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/470837/100/0/threaded"}, {"name": "29014", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29014"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:05:29.599Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1502", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1502"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://codex.wordpress.org/Roles_and_Capabilities"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogsecurity.net/wordpress/news/news-100607-1/"}, {"name": "25161", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25161"}, {"name": "wordpress-themes-xss(34785)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34785"}, {"name": "2807", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2807"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.xssnews.com/"}, {"name": "37293", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37293"}, {"name": "25541", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25541/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/"}, {"name": "20070608 Wordpress default theme XSS (admin) and other problems", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/470837/100/0/threaded"}, {"name": "29014", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29014"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3238", "datePublished": "2007-06-15T01:00:00", "dateReserved": "2007-06-14T00:00:00", "dateUpdated": "2024-08-07T14:05:29.599Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A9FBA02-8A6A-471F-92CD-D8E77B5061C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability."}, {"lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en functions.php en el tema por defecto en WordPress 2.2 permite a administradores validados remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de PATH_INFO (REQUEST_URI) en wp-admin/themes.php, un vulnerabilidad diferente que CVE-2007-1622. NOTA: esto no puede cruzar l\u00edmites del privilegio en algunas configuraciones, puesto que el papel del administrador tiene la capacidad de unfiltered_html."}], "id": "CVE-2007-3238", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-15T01:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://blogsecurity.net/wordpress/news/news-100607-1/"}, {"source": "cve@mitre.org", "url": "http://codex.wordpress.org/Roles_and_Capabilities"}, {"source": "cve@mitre.org", "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37293"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25541/"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29014"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2807"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1502"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/470837/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25161"}, {"source": "cve@mitre.org", "url": "http://www.xssnews.com/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogsecurity.net/wordpress/news/news-100607-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://codex.wordpress.org/Roles_and_Capabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37293"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25541/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1502"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/470837/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xssnews.com/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34785"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}