CVE-2007-4166

CVE Database · CVE-2007-4166

CVE-2007-4166

· N/AModified

CVSS v3.1

N/A

EPSS

2.08%

Published

Aug 7, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information.

Affected Products (2)

wordpress · unamed_themevulnerable

wordpress · unamed_theme_sevulnerable

References (10)

http://osvdb.org/36604

http://secunia.com/advisories/26321

Vendor Advisory

http://www.securityfocus.com/bid/25215

http://xuyiyang.com/2007/06/29/unnamed-1-217/

https://exchange.xforce.ibmcloud.com/vulnerabilities/35821