Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.
Remediation
References
Related Vulnerabilities
Microsoft SQL Server Improper Input Validation Vulnerability (CVE-2001-0509)
Joomla! Core Multiple Vulnerabilities (1.5.0 - 3.7.2)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4938)
Drupal Incorrect Authorization Vulnerability (CVE-2023-31250)
WordPress Plugin Gallery by BestWebSoft Cross-Site Scripting (4.4.9)