WordPress · Wordpress · CVE-2007-1732
Name of the Vulnerable Software and Affected Versions:
WordPress version 2.1.2
Description:
A cross-site scripting (XSS) issue exists that potentially allows remote authenticated administrators to inject arbitrary web script or HTML. The issue is related to the `demo` parameter in the `wp-admin/admin.php` file. However, this issue is disputed: another researcher claims that the behavior is legitimate functionality for administrators.
Recommendations:
If you run WordPress version 2.1.2, update to a version that includes the patch for this issue; at least one vendor has patched it.