Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress prior to 2.0.6 allows remote malicious users to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress 2.0 |
||
wordpress wordpress 2.0.1 |
||
wordpress wordpress 2.0.2 |
||
wordpress wordpress 2.0.3 |
||
wordpress wordpress 2.0.4 |
||
wordpress wordpress 2.0.5 |