CVE-2007-4894
EPSS 4.0%
Description
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
How to fix CVE-2007-4894
To remediate CVE-2007-4894, upgrade the affected package to a fixed version below.
- Debian/wordpress: upgrade to 2.2.3-1 or later
Is CVE-2007-4894 being exploited?
Low: EPSS is 4.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/wordpress: all versions from 0 up to, but not including, 2.2.3-1 (>= 0, < 2.2.3-1)