VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-91ay-j618-akgj

Vulnerability ID	VCID-91ay-j618-akgj
Aliases	CVE-2007-3140
Summary	SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
Status	Published
Exploitability	2.0
Weighted Severity	5.9
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.02571	https://api.first.org/data/v1/epss?cve=CVE-2007-3140
epss	0.02571	https://api.first.org/data/v1/epss?cve=CVE-2007-3140
epss	0.02571	https://api.first.org/data/v1/epss?cve=CVE-2007-3140
epss	0.02571	https://api.first.org/data/v1/epss?cve=CVE-2007-3140
epss	0.02571	https://api.first.org/data/v1/epss?cve=CVE-2007-3140
epss	0.02571	https://api.first.org/data/v1/epss?cve=CVE-2007-3140
epss	0.02571	https://api.first.org/data/v1/epss?cve=CVE-2007-3140
epss	0.02571	https://api.first.org/data/v1/epss?cve=CVE-2007-3140
epss	0.02571	https://api.first.org/data/v1/epss?cve=CVE-2007-3140
epss	0.02571	https://api.first.org/data/v1/epss?cve=CVE-2007-3140
cvssv2	6.5	https://nvd.nist.gov/vuln/detail/CVE-2007-3140

Reference id	Reference type	URL
		http://osvdb.org/36321
		https://api.first.org/data/v1/epss?cve=CVE-2007-3140
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3140
		http://secunia.com/advisories/25552
		https://exchange.xforce.ibmcloud.com/vulnerabilities/34746
		https://www.exploit-db.com/exploits/4039
		http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.021.html
		http://www.securityfocus.com/bid/24344
		http://www.vupen.com/english/advisories/2007/2099
428073		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428073
cpe:2.3:a:wordpress:wordpress:2.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2:::::::*
CVE-2007-3140		https://nvd.nist.gov/vuln/detail/CVE-2007-3140
OSVDB-36321;CVE-2007-3140	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/4039.txt

Data source	Exploit-DB
Date added	June 5, 2007
Description	WordPress Core 2.2 - 'xmlrpc.php' SQL Injection
Ransomware campaign use	Known
Source publication date	June 6, 2007
Exploit type	webapps
Platform	php
Source update date	Oct. 5, 2016

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-3140

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T16:30:19.611454+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.0.0