Description
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
Remediation
References
Related Vulnerabilities
WordPress Plugin Better WordPress reCAPTCHA (with no CAPTCHA reCAPTCHA) Cross-Site Scripting (2.0.3)
WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities (2.0 - 2.0.3)
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.23.2)
WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Open Redirect (4.0)