Description
WordPress is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to perform unauthorized actions in the context of the logged-in user, crash the affected application and therefore deny service to legitimate users, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials or launch other attacks. WordPress versions prior to 3.1.1 are vulnerable.
Remediation
Update to WordPress version 3.1.1 or latest
References
Related Vulnerabilities
WordPress Plugin Event Management Tickets Booking By Event Monster Cross-Site Scripting (1.0.7)
WordPress Plugin Drug Search Cross-Site Scripting (1.0.0)
Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)