{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-31T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "wordpress-options-xss(35722)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35722"}, {"tags": ["x_refsource_MISC"], "url": "http://codex.wordpress.org/Roles_and_Capabilities"}, {"name": "30013", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30013"}, {"name": "wordpress-linkimport-xss(35720)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35720"}, {"name": "46995", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/46995"}, {"name": "DSA-1564", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1564"}, {"tags": ["x_refsource_MISC"], "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/"}, {"name": "46994", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/46994"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4153", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "wordpress-options-xss(35722)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35722"}, {"name": "http://codex.wordpress.org/Roles_and_Capabilities", "refsource": "MISC", "url": "http://codex.wordpress.org/Roles_and_Capabilities"}, {"name": "30013", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30013"}, {"name": "wordpress-linkimport-xss(35720)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35720"}, {"name": "46995", "refsource": "OSVDB", "url": "http://osvdb.org/46995"}, {"name": "DSA-1564", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1564"}, {"name": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/", "refsource": "MISC", "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/"}, {"name": "46994", "refsource": "OSVDB", "url": "http://osvdb.org/46994"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.363Z"}, "title": "CVE Program Container", "references": [{"name": "wordpress-options-xss(35722)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35722"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://codex.wordpress.org/Roles_and_Capabilities"}, {"name": "30013", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30013"}, {"name": "wordpress-linkimport-xss(35720)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35720"}, {"name": "46995", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/46995"}, {"name": "DSA-1564", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1564"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/"}, {"name": "46994", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/46994"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4153", "datePublished": "2007-08-03T20:00:00.000Z", "dateReserved": "2007-08-03T00:00:00.000Z", "dateUpdated": "2024-08-07T14:46:39.363Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B5BC7E8-4C8A-4183-AB8C-1DAE12935387", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WordPress 2.2.1 permiten a administradores autenticados remotamente inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (2) la tabla Options de la base de datos en el Panel de Administraci\u00f3n, accedida a trav\u00e9s de options.php;o (2) el par\u00e1metro opml_url de link-import.php. NOTA: esto podr\u00eda no cruzar fronteras de privilegios en algunas configuraciones, puesto que el rol de Administrador tiene la capacidad unfiltered_html."}], "id": "CVE-2007-4153", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-03T20:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://codex.wordpress.org/Roles_and_Capabilities"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/46994"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/46995"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30013"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1564"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35720"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://codex.wordpress.org/Roles_and_Capabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/46994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/46995"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1564"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35720"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35722"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}