Description
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.
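
The flaw class described above, shown as an added example that is not WordPress's own code: a confirmation link rebuilt from the request's variables, first with only the values escaped and then with names and values both encoded. The function names, the `_token` parameter and the sample request are hypothetical and constructed for illustration.

```php
<?php
// Added illustration. Function names and the _token parameter are hypothetical,
// not taken from WordPress.

// Flawed pattern: values are escaped, but variable *names* are copied verbatim
// into the href attribute of the regenerated link.
function confirm_link_unsafe(array $query, string $token): string {
    $pairs = [];
    foreach ($query as $name => $value) {
        $pairs[] = $name . '=' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
    $pairs[] = '_token=' . $token;
    return '<a href="?' . implode('&amp;', $pairs) . '">Confirm this action</a>';
}

// Hardened pattern: URL-encode names and values alike, then HTML-escape the
// complete attribute value before placing it in the markup.
function confirm_link_safe(array $query, string $token): string {
    $query['_token'] = $token;
    $url = '?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Confirm this action</a>';
}

// Constructed sample request: one parameter name carries a quote and a tag.
$query = ['post' => '42', 'x"><b>injected</b>' => '1'];
$token = 'PLACEHOLDER_TOKEN'; // constructed value

$unsafe = confirm_link_unsafe($query, $token);
$safe   = confirm_link_safe($query, $token);

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;

// Simple regression check: no raw tag from the request may survive in the output.
var_dump(strpos($unsafe, '<b>') !== false); // name reached the page unescaped
var_dump(strpos($safe, '<b>') !== false);   // name was encoded
```

A regression test for this class of bug should feed markup characters through parameter names as well as values, since escaping only the values is what leaves the generated link exposed.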
Remediation
References