CVE-2007-2627

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2007-2627
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-2627.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2007-2627
Related
Published
2007-05-11T17:19:00Z
Modified
2025-04-09T00:30:58Z
Downstream
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call getsidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHPSELF), a different vulnerability than CVE-2007-1622.

References

Affected packages

Debian:11 / wordpress

Package

Name
wordpress
Purl
pkg:deb/debian/wordpress?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.2-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:12 / wordpress

Package

Name
wordpress
Purl
pkg:deb/debian/wordpress?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.2-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:13 / wordpress

Package

Name
wordpress
Purl
pkg:deb/debian/wordpress?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.2-1

Ecosystem specific 

{
    "urgency": "low"
}