Description
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks. WordPress version 1.5 is vulnerable.
Remediation
Update to WordPress version 1.5.1 or latest
References
Related Vulnerabilities
MySQL CVE-2018-2813 Vulnerability (CVE-2018-2813)
WordPress Plugin Social Review includes Backdoor [Only if downloaded via the vendor website] (1.0.8)
WebLogic CVE-2020-14588 Vulnerability (CVE-2020-14588)
Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.9.24)
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-6385)