PT-2011-1595 · WordPress · Wordpress
Published
2011-01-03
·
Updated
2017-11-21
·
CVE-2010-4536
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
WordPress versions prior to 3.0.4
Description
The issue allows remote attackers to inject arbitrary web script or HTML via several vectors, including the ampersand character, the case of an attribute name, a padded entity, and an entity that is not in normalized form.
Recommendations
For WordPress versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially malicious characters or entities in user input until the issue is resolved.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wordpress