CVE-2010-5295

Description

Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.

Affected packages (1)

• Debian/wordpressfrom 0, < 3.0.2-1

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-5295