WordPress Vulnerabilities

WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php

Affects WordPress

3.0.1
Fixed in WordPress 3.0.2
3.0
Fixed in WordPress 3.0.2
2.9.2
Fixed in WordPress 3.0.2
2.9.1
Fixed in WordPress 3.0.2
2.9
Fixed in WordPress 3.0.2
2.8.6
Fixed in WordPress 3.0.2
2.8.5
Fixed in WordPress 3.0.2
2.8.4
Fixed in WordPress 3.0.2
2.8.3
Fixed in WordPress 3.0.2
2.8.2
Fixed in WordPress 3.0.2
2.8.1
Fixed in WordPress 3.0.2
2.8
Fixed in WordPress 3.0.2
2.7.1
Fixed in WordPress 3.0.2
2.7
Fixed in WordPress 3.0.2
2.6.5
Fixed in WordPress 3.0.2
2.6.3
Fixed in WordPress 3.0.2
2.6.2
Fixed in WordPress 3.0.2
2.6.1
Fixed in WordPress 3.0.2
2.6
Fixed in WordPress 3.0.2
2.5.1
Fixed in WordPress 3.0.2
2.5
Fixed in WordPress 3.0.2
2.3.3
Fixed in WordPress 3.0.2
2.3.2
Fixed in WordPress 3.0.2
2.3.1
Fixed in WordPress 3.0.2
2.3
Fixed in WordPress 3.0.2
2.2.3
Fixed in WordPress 3.0.2
2.2.2
Fixed in WordPress 3.0.2
2.2.1
Fixed in WordPress 3.0.2
2.2
Fixed in WordPress 3.0.2
2.1.3
Fixed in WordPress 3.0.2
2.1.2
Fixed in WordPress 3.0.2
2.1.1
Fixed in WordPress 3.0.2
2.1
Fixed in WordPress 3.0.2
2.0.11
Fixed in WordPress 3.0.2
2.0.10
Fixed in WordPress 3.0.2
2.0.9
Fixed in WordPress 3.0.2
2.0.8
Fixed in WordPress 3.0.2
2.0.7
Fixed in WordPress 3.0.2
2.0.6
Fixed in WordPress 3.0.2
2.0.5
Fixed in WordPress 3.0.2
2.0.4
Fixed in WordPress 3.0.2
2.0.3
Fixed in WordPress 3.0.2
2.0.2
Fixed in WordPress 3.0.2
2.0.1
Fixed in WordPress 3.0.2
2.0
Fixed in WordPress 3.0.2

References

CVE
CVE-2010-5295

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
90d42b7b-5497-42e1-a47c-10f79afc9f9f

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-01-08
Title
AMP for WP < 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload
Published
2025-01-24
Title
Orbisius Simple Notice < 1.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-10-31
Title
(dp) AddThis <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-02-18
Title
Store Locator Widget < 2025r2 - Contributor+ Stored XSS
Published
2024-06-05
Title
Rotating Tweets (Twitter widget and shortcode) <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode