CVE-2010-4402
The CVE refers to WordPress Register Plus Plugin before or at version 3.5.1, where wp-login.php exposes multiple XSS flaws. The root cause is unsanitized/reflective input in the register action, enabling remote attackers to inject arbitrary script or HTML via the 9 parameters: firstname, lastname...