Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.
Remediation
References