{"id":"CVE-2010-5295","details":"Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.","modified":"2026-04-10T03:41:34.422Z","published":"2014-01-21T01:55:03Z","references":[{"type":"ADVISORY","url":"http://codex.wordpress.org/Version_3.0.2"},{"type":"EVIDENCE","url":"https://core.trac.wordpress.org/changeset/16373"},{"type":"FIX","url":"https://core.trac.wordpress.org/changeset/16373"}],"schema_version":"1.7.5"}