Unrated severityNVD Advisory· Published Jan 3, 2011· Updated Jun 16, 2026
CVE-2010-4536
CVE-2010-4536
Description
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=3.0.3
- (no CPE)range: <3.0.4
Patches
Vulnerability mechanics
References
10- core.trac.wordpress.org/changeset/17172/branches/3.0nvdPatchVendor Advisory
- wordpress.org/news/2010/12/3-0-4-update/nvdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2010/12/30/1nvdMailing ListPatchThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-January/053289.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-January/053293.htmlnvdThird Party Advisory
- secunia.com/advisories/42755nvdThird Party Advisory
- secunia.com/advisories/43000nvdThird Party Advisory
- www.securityfocus.com/bid/45620nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2010/3335nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0167nvdThird Party Advisory
News mentions
0No linked articles in our index yet.