Description
** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Plugin OneSignal-Web Push Notifications Cross-Site Scripting (1.17.7)
WordPress Plugin Bitcoin/Altcoin Faucet Cross-Site Request Forgery (1.6.0)
WildFly Application Server Uncontrolled Resource Consumption Vulnerability (CVE-2016-9589)
WordPress Plugin Falang multilanguage for WordPress Cross-Site Scripting (1.3.17)
WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities (2.3)