Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-yume-hvqp-53ga
Vulnerability ID VCID-yume-hvqp-53ga
Aliases CVE-2007-4894
Summary Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.04032 https://api.first.org/data/v1/epss?cve=CVE-2007-4894
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2007-4894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4894
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.88682
EPSS Score 0.04032
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T13:40:51.827139+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0