WordPress.MU.Prior.to.2.7.Cross-site.Scripting.Vuln
Description
WordPress MU, or WordPressu, is the multi-user version of WordPress. It is ideal for people who want to set up a large network of blogs.
WordPress MU is no longer a separate project; it is continuing development as part of the main WordPress branch under the name multisite or MS.
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. (CVE-2009-1030)
Affected Products
WordPress MU (WPMU) before 2.7
Impact
The vulnerability would allow remote attackers to inject arbitrary web script or HTML.
Recommended Actions
Please upgrade to the latest version of WordPress from the vendor's website: http://wordpress.org/download .
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |