CVE-2010-5295
WordPress < 3.0.2 - Cross-Site Scripting via Plugin Author Field
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.
References (2)
Core 2
Core References
Exploit, Patch x_refsource_confirm
https://core.trac.wordpress.org/changeset/16373
Vendor Advisory x_refsource_confirm
http://codex.wordpress.org/Version_3.0.2
Scores
EPSS
0.0050
EPSS Percentile
66.2%
Details
CWE
CWE-79
Status
published
Products (47)
wordpress/wordpress
2.0
wordpress/wordpress
2.0.1
wordpress/wordpress
2.0.2
wordpress/wordpress
2.0.4
wordpress/wordpress
2.0.5
wordpress/wordpress
2.0.6
wordpress/wordpress
2.0.7
wordpress/wordpress
2.0.8
wordpress/wordpress
2.0.9
wordpress/wordpress
2.0.10
... and 37 more
Published
Jan 21, 2014
Tracked Since
Feb 18, 2026