Description
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
Remediation
References
Related Vulnerabilities
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.38)
WordPress Plugin WP Easy Columns Cross-Site Scripting (2.1.3)
WordPress Plugin Cryptocurrency Widgets For Elementor Security Bypass (1.2.1)
WordPress Plugin Bold Timeline Lite Cross-Site Scripting (1.1.4)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37149)