CVE-2007-1244
EPSS 8.0%
Description
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
How to fix CVE-2007-1244
To remediate CVE-2007-1244, upgrade the affected package to a fixed version below.
- Debian/wordpress—upgrade to 2.1.2-1 or later
Is CVE-2007-1244 being exploited?
Moderate — EPSS is 8.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.1.2-1