CVE-2006-0733

LOW

Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability

CVSS v2.0 Score

2.6

/ 10.0

LOW

AV:N/AC:H/Au:N/C:N/I:P/A:N

Information

Published: 16 févr. 2006
Updated: 16 avr. 2026
Status: Modified
Source: cve@mitre.org

Affected products

wordpress wordpressAll WordPress CVEs →

Versions : 2.0

Weaknesses (CWE)

NVD-CWE-Other

References (8)

http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html
ExploitVendor Advisory
http://www.securityfocus.com/archive/1/425043/100/0/threaded
http://www.securityfocus.com/bid/16656
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/24736
http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html
ExploitVendor Advisory
http://www.securityfocus.com/archive/1/425043/100/0/threaded
http://www.securityfocus.com/bid/16656
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/24736

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring