Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote malicious users to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress 2.2 |