Description

Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.

Remediation

References

CVE-2010-5295

Related Vulnerabilities

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17917)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.32)

Oracle JRE CVE-2013-1473 Vulnerability (CVE-2013-1473)

WordPress Plugin WP AutoComplete Search SQL Injection (1.0.4)

Sqlite Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19925)

Severity

Medium

Classification

CVE-2010-5295 CWE-707

Tags

Missing Update Known Vulnerabilities