CVE-2010-5294

WordPress <3.0.2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.

References (2)

Scores

EPSS 0.0071
EPSS Percentile 72.1%

Details

CWE
CWE-79
Status published
Products (49)
wordpress/wordpress < 3.0.1
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
... and 39 more
Published Jan 21, 2014
Tracked Since Feb 18, 2026