CVE-2010-5295 Information

Description

Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin’s author field which is not properly handled during a Delete Plugin action.

Reference

http://codex.wordpress.org/Version_3.0.2 https://core.trac.wordpress.org/changeset/16373