Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin MailPoet Newsletters (Previous) SQL Injection (2.2)
WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (4.0.9)
WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)
MySQL CVE-2020-2579 Vulnerability (CVE-2020-2579)
WordPress Plugin SEO Redirection-301 Redirect Manager Unspecified Vulnerability (8.7)