Description
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
CVSS Metrics
- Vector
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Access Vector
- network
- Access Cmplx
- low
- Auth
- none
- Confidentiality
- partial
- Integrity
- partial
- Availability
- partial
- Weaknesses
- CWE-20
Metadata
- Primary Vendor
- WORDPRESS
- Published
- 3/5/2007
- Last Modified
- 4/9/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
wordpress : wordpress
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.