VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
epss	0.03283	https://api.first.org/data/v1/epss?cve=CVE-2007-1622
epss	0.03283	https://api.first.org/data/v1/epss?cve=CVE-2007-1622
epss	0.03283	https://api.first.org/data/v1/epss?cve=CVE-2007-1622
epss	0.03283	https://api.first.org/data/v1/epss?cve=CVE-2007-1622
epss	0.03283	https://api.first.org/data/v1/epss?cve=CVE-2007-1622
epss	0.03283	https://api.first.org/data/v1/epss?cve=CVE-2007-1622
epss	0.03283	https://api.first.org/data/v1/epss?cve=CVE-2007-1622
epss	0.03283	https://api.first.org/data/v1/epss?cve=CVE-2007-1622
epss	0.03283	https://api.first.org/data/v1/epss?cve=CVE-2007-1622
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2007-1622

System

Score

Found at

epss

0.03283

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

epss

0.03283

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

epss

0.03283

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

epss

0.03283

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

epss

0.03283

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

epss

0.03283

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

epss

0.03283

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

epss

0.03283

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

epss

0.03283

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

cvssv2

4.3

https://nvd.nist.gov/vuln/detail/CVE-2007-1622

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2007-1622
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1622
		http://secunia.com/advisories/24567
		http://secunia.com/advisories/25108
		http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006
		http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt
		http://www.debian.org/security/2007/dsa-1285
		http://www.securityfocus.com/bid/23027
		http://www.vupen.com/english/advisories/2007/1005
cpe:2.3:a:wordpress:wordpress:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0:::::::*
cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*
cpe:2.3:a:wordpress:wordpress:2.0.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.10:::::::*
cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:::::::*
cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*
cpe:2.3:a:wordpress:wordpress:2.0.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.3:::::::*
cpe:2.3:a:wordpress:wordpress:2.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.4:::::::*
cpe:2.3:a:wordpress:wordpress:2.0.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.5:::::::*
cpe:2.3:a:wordpress:wordpress:2.0.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.6:::::::*
cpe:2.3:a:wordpress:wordpress:2.0.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.7:::::::*
cpe:2.3:a:wordpress:wordpress:2.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1:::::::*
cpe:2.3:a:wordpress:wordpress:2.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.1:::::::*
cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*
cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:::::::*
CVE-2007-1622		https://nvd.nist.gov/vuln/detail/CVE-2007-1622
CVE-2007-1622;OSVDB-34348	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29754.html
CVE-2007-1622;OSVDB-34348	Exploit	https://www.securityfocus.com/bid/23027/info

Reference id

Reference type

URL

https://api.first.org/data/v1/epss?cve=CVE-2007-1622

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1622

http://secunia.com/advisories/24567

http://secunia.com/advisories/25108

http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006

http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt

http://www.debian.org/security/2007/dsa-1285

http://www.securityfocus.com/bid/23027

http://www.vupen.com/english/advisories/2007/1005

cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:*:*:*:*:*:*:*

CVE-2007-1622

https://nvd.nist.gov/vuln/detail/CVE-2007-1622

CVE-2007-1622;OSVDB-34348

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29754.html

CVE-2007-1622;OSVDB-34348

Exploit

https://www.securityfocus.com/bid/23027/info

Data source	Exploit-DB
Date added	March 19, 2007
Description	WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting
Ransomware campaign use	Known
Source publication date	March 19, 2007
Exploit type	webapps
Platform	php
Source update date	May 4, 2017
Source URL	https://www.securityfocus.com/bid/23027/info

Exploit-DB

March 19, 2007

WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting

Known

March 19, 2007

webapps

php

May 4, 2017

https://www.securityfocus.com/bid/23027/info

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T16:30:17.953305+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.0.0

2026-04-01T16:30:17.953305+00:00

Debian Oval Importer

Import

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.0.0

Vulnerability ID	VCID-vchz-vuh2-cfd9
Aliases	CVE-2007-1622
Summary	Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
Status	Published
Exploitability	2.0
Weighted Severity	3.9
Risk	7.8
Affected and Fixed Packages	Package Details

Percentile	0.87129
EPSS Score	0.03283
Published At	April 1, 2026, 12:55 p.m.