CVE-2011-0700

Published: 14 March 2011

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.

Priority

Status

Package	Release	Status
wordpress Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Ignored (end of life)
	karmic	Ignored (end of life)
	lucid	Ignored (end of life)
	maverick	Ignored (end of life)
	natty	Not vulnerable (3.0.5+dfsg-1ubuntu1)
	oneiric	Not vulnerable (3.0.5+dfsg-1ubuntu1)
	precise	Not vulnerable (3.0.5+dfsg-1ubuntu1)
	quantal	Not vulnerable (3.0.5+dfsg-1ubuntu1)
	raring	Not vulnerable (3.0.5+dfsg-1ubuntu1)
	saucy	Not vulnerable (3.0.5+dfsg-1ubuntu1)
	upstream	Released (3.0.5)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2011-0700

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading