Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-n2ep-cw4n-gkda
Vulnerability ID VCID-n2ep-cw4n-gkda
Aliases CVE-2007-1894
Summary Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.05601 https://api.first.org/data/v1/epss?cve=CVE-2007-1894
epss 0.05601 https://api.first.org/data/v1/epss?cve=CVE-2007-1894
epss 0.05601 https://api.first.org/data/v1/epss?cve=CVE-2007-1894
epss 0.05601 https://api.first.org/data/v1/epss?cve=CVE-2007-1894
epss 0.05601 https://api.first.org/data/v1/epss?cve=CVE-2007-1894
epss 0.05601 https://api.first.org/data/v1/epss?cve=CVE-2007-1894
epss 0.05601 https://api.first.org/data/v1/epss?cve=CVE-2007-1894
epss 0.05601 https://api.first.org/data/v1/epss?cve=CVE-2007-1894
epss 0.05601 https://api.first.org/data/v1/epss?cve=CVE-2007-1894
epss 0.05601 https://api.first.org/data/v1/epss?cve=CVE-2007-1894
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2007-1894
Reference id Reference type URL
http://chxsecurity.org/advisories/adv-1-mid.txt
https://api.first.org/data/v1/epss?cve=CVE-2007-1894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1894
http://secunia.com/advisories/24485
http://secunia.com/advisories/25108
http://securityreason.com/securityalert/2526
http://trac.wordpress.org/changeset/5003
http://trac.wordpress.org/ticket/4093
http://www.debian.org/security/2007/dsa-1285
http://www.securityfocus.com/archive/1/462374/100/0/threaded
http://www.securityfocus.com/bid/22902
cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:2.2_revision5002:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.2_revision5002:*:*:*:*:*:*:*
CVE-2007-1894 https://nvd.nist.gov/vuln/detail/CVE-2007-1894
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2007-1894
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.90275
EPSS Score 0.05601
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T16:30:18.352121+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.0.0