Description

Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.

Remediation

References

CVE-2010-5295

Related Vulnerabilities

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.0.9)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Scripting (2.1.3)

WordPress Plugin WordPress Poll Multiple SQL Injection Vulnerabilities (33.5)

Moodle Improper Validation of Integrity Check Value Vulnerability (CVE-2012-1170)

WordPress Plugin IBPS Online Exam Multiple Vulnerabilities (1.0)

Severity

Medium

Classification

CVE-2010-5295 CWE-707

Tags

Missing Update Known Vulnerabilities