Description
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
Remediation
References
Related Vulnerabilities
WordPress Plugin Media Library Assistant SQL Injection (2.84)
WordPress Plugin Child Theme Creator by Orbisius Arbitrary File Modification (1.2.6)
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3967)
WordPress 4.2.x Cross-Site Scripting Vulnerability (4.2 - 4.2.7)
WordPress Plugin zM Ajax Login & Register Multiple Vulnerabilities (1.0.9)