CVE-2010-5295 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 34.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJan 21

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.0.2-1 (bookworm)

▶Debianwordpress/wordpress< 3.0.2-1+3

▶NVDwordpress/wordpress3.0.1+46

Patches

Patch: core.trac.wordpress.org ↗Patch: core.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-hw7c-mc39-5vqf: Cross-site scripting (XSS) vulnerability in wp-admin/plugins↗2022-05-17

▶

OSV

CVE-2010-5295: Cross-site scripting (XSS) vulnerability in wp-admin/plugins↗2014-01-21

▶

📋Vendor Advisories

Debian

CVE-2010-5295: wordpress - Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress be...↗2010

▶