Nacin

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.0.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the request filesystem credentials function. These vulnerabilities allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for FTP or SSH connection attempts. **Recommendations** For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the request filesystem credentials function in wp-admin/includes/file.php until a patch is applied. Avoid using the vulnerable function for FTP or SSH connection attempts until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.0.2 **Description** The issue allows remote authenticated administrators to bypass intended access restrictions. This is due to the lack of requirement for the Super Admin role for the delete users capability in Multisite configurations. **Recommendations** For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue.