Medium Published: Sep 26, 2007 Modified: Apr 09, 2025

CVE-2007-5106

4.3 CVSS SCORE

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.

CVSS Vector Details

Attack Vector Network

Attack Complexity M

Confidentiality None

Integrity P

Availability None

Affected Software Configurations

a wordpress wordpress 2.0 * * * * * * *

Weaknesses (CWE)

CWE-79

References & External Links

http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/
http://securityreason.com/securityalert/3175
http://www.securityfocus.com/archive/1/480327/100/0/threaded
http://www.securityfocus.com/bid/25769
https://exchange.xforce.ibmcloud.com/vulnerabilities/36742
http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/
http://securityreason.com/securityalert/3175
http://www.securityfocus.com/archive/1/480327/100/0/threaded
http://www.securityfocus.com/bid/25769
https://exchange.xforce.ibmcloud.com/vulnerabilities/36742

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker