CVE-2011-3865
The CVE-2011-3865 entry applies to the Black-LetterHead WordPress theme (versions prior to 1.6). The root cause is a cross-site scripting (XSS) flaw that permits attacker-controlled input in the PATH_INFO to index.php to be executed in a user’s browser. Impact is user-level data and session risk ...