Description
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.
Remediation
References
Related Vulnerabilities
WordPress Plugin Infusionsoft Gravity Forms Add-on Arbitrary File Upload (1.5.10)
WordPress Plugin Auto Affiliate Links Multiple SQL Injection Vulnerabilities (4.9.9.4)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5489)
WordPress Plugin Very Simple Quiz Cross-Site Scripting (1.0.0)