CVE-2010-5294

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 3.0.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the request filesystem credentials function. These vulnerabilities allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for FTP or SSH connection attempts.

Recommendations For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the request filesystem credentials function in wp-admin/includes/file.php until a patch is applied. Avoid using the vulnerable function for FTP or SSH connection attempts until the issue is resolved.