Description
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
Remediation
References
Related Vulnerabilities
WordPress Plugin GarageSale Cross-Site Scripting (1.2.2)
WordPress Plugin WP Job Manager Privilege Escalation (1.34.3)
WordPress Plugin Shopping Cart & eCommerce Store Multiple Security Bypass Vulnerabilities (3.0.20)
WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (8.1)
WordPress Plugin Blog social sharing component Cross-Site Request Forgery (1.4.5)