{"id":"CVE-2007-2627","details":"Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.","modified":"2026-04-10T03:38:51.180205Z","published":"2007-05-11T17:19:00Z","related":["CGA-686v-9vqg-qhp7"],"references":[{"type":"WEB","url":"http://osvdb.org/37296"},{"type":"WEB","url":"http://securityreason.com/securityalert/2694"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/467360/100/0/threaded"}],"schema_version":"1.7.5"}