Wordpress Post.PHP Cross-Site Scripting Vulnerability

Bugtraq ID:	22735
Class:	Input Validation Error
CVE:	CVE-2007-1244
Remote:	Yes
Local:	No
Published:	Feb 26 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Samenspender is credited with the discovery of this vulnerability.
Vulnerable:	WordPress WordPress 2.1.1 Gentoo Linux
Not Vulnerable:

Wordpress Post.PHP Cross-Site Scripting Vulnerability

Wordpress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Wordpress 2.1.1 is vulnerable to this issue; other versions may also be affected.

Wordpress Post.PHP Cross-Site Scripting Vulnerability

An attacker may exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Sample exploit code has been provided:

• /data/vulnerabilities/exploits/22735.html

Wordpress Post.PHP Cross-Site Scripting Vulnerability

Solution:
The vendor has addressed this issue in a recent patch. The fix will be included in version 2.1.2. Please see the referenced vendor ticket for information on how to obtain and apply the patch.

Wordpress Post.PHP Cross-Site Scripting Vulnerability

References:

• Ticket #3879 XSS in 2.1.1 input passed to the "post" parameter in wp-admin/post. (WordPress)
  
• Wordpress 2.1.1 - Multiple Script Injection Vulnerabilities (Stefan Friedli)