CVE-2007-1732

Publication date 28 March 2007

Last updated 4 August 2025


Ubuntu priority

Negligible

Description

Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor.

Status

Package    Ubuntu Release    Status
wordpress  9.10 karmic       Ignored
wordpress  9.04 jaunty       Ignored
wordpress  8.10 intrepid     Ignored
wordpress  8.04 LTS hardy    Ignored
wordpress  7.10 gutsy        Ignored (end of life, was needs-triage)
wordpress  7.04 feisty       Ignored (end of life, was needs-triage)
wordpress  6.10 edgy         Ignored (end of life, was needs-triage)
wordpress  6.06 LTS dapper   Ignored (end of life)

Notes


fujitsu

Administrators can post HTML. Terrible.


mdeslaur

disputed. Let's ignore