Description
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple:Press Security Bypass and Arbitrary File Upload Vulnerabilities (4.1.2)
Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-22201)
WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.23)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2432)
TYPO3 Files or Directories Accessible to External Parties Vulnerability (CVE-2021-21355)