CVE-2010-5294

WordPress < 3.0.2 - Cross-Site Scripting via FTP/SSH Error Message

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.

References (2)

Core 2
Core References
Exploit, Patch x_refsource_confirm
https://core.trac.wordpress.org/changeset/16367
Vendor Advisory x_refsource_confirm
http://codex.wordpress.org/Version_3.0.2

Scores

EPSS 0.0071
EPSS Percentile 72.5%

Details

CWE
CWE-79
Status published
Products (47)
wordpress/wordpress 2.0
wordpress/wordpress 2.0.1
wordpress/wordpress 2.0.2
wordpress/wordpress 2.0.4
wordpress/wordpress 2.0.5
wordpress/wordpress 2.0.6
wordpress/wordpress 2.0.7
wordpress/wordpress 2.0.8
wordpress/wordpress 2.0.9
wordpress/wordpress 2.0.10
... and 37 more
Published Jan 21, 2014
Tracked Since Feb 18, 2026