Lucene search
HistoryJan 21, 2014 - 1:55 a.m.
CVE-2010-5295
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.002
Percentile
55.5%
Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin’s author field, which is not properly handled during a Delete Plugin action.
Affected configurations
Node
wordpresswordpressRange≤3.0.1
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.3.3
ORwordpresswordpressMatch2.5
ORwordpresswordpressMatch2.5.1
ORwordpresswordpressMatch2.6
ORwordpresswordpressMatch2.6.1
ORwordpresswordpressMatch2.6.2
ORwordpresswordpressMatch2.6.3
ORwordpresswordpressMatch2.6.5
ORwordpresswordpressMatch2.7
ORwordpresswordpressMatch2.7.1
ORwordpresswordpressMatch2.8
ORwordpresswordpressMatch2.8.1
ORwordpresswordpressMatch2.8.2
ORwordpresswordpressMatch2.8.3
ORwordpresswordpressMatch2.8.4
ORwordpresswordpressMatch2.8.4a
ORwordpresswordpressMatch2.8.5
ORwordpresswordpressMatch2.8.5.1
ORwordpresswordpressMatch2.8.5.2
ORwordpresswordpressMatch2.8.6
ORwordpresswordpressMatch2.9
ORwordpresswordpressMatch2.9.1
ORwordpresswordpressMatch2.9.1.1
ORwordpresswordpressMatch2.9.2
ORwordpresswordpressMatch3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0 | cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.1 | cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.2 | cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.4 | cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.5 | cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.6 | cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.7 | cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.8 | cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:* |
| wordpress | wordpress | 2.0.9 | cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:* |
Related
debiancve
debiancve
CVE-2010-5295
2014-01-21 01:55:03
ubuntucve
ubuntucve
CVE-2010-5295
2014-01-21 00:00:00
prion
prion
Cross site scripting
2014-01-21 01:55:00
cvelist
cvelist
CVE-2010-5295
2014-01-21 01:00:00
patchstack
patchstack
WordPress <= 3.0.1 - XSS
2014-01-20 00:00:00
wpvulndb
wpvulndb
WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php
2014-08-01 10:58:24
cve
cve
CVE-2010-5295
2014-01-21 01:55:03
openvas
openvas
WordPress < 3.0.2 Multiple Vulnerabilities
2022-12-08 00:00:00
nessus
nessus
WordPress < 3.0.2 Multiple Vulnerabilities
2016-02-26 00:00:00
WordPress < 3.0.2 Multiple Vulnerabilities
2011-02-03 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.002
Percentile
55.5%
Related for NVD:CVE-2010-5295