CVE-2007-4104

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35646

http://secunia.com/advisories/26249

http://osvdb.org/37259

http://bueltge.de/plugin-wp-feedstats-in-neuer-version/481/

http://blogsecurity.net/wordpress/news-260707/

http://blogsecurity.net/news/news-130707/

Details

Source: Mitre, NVD

Published: 2007-07-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.06633