From 35c1cdee74d294b611221e1395b24b298a71a299 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Fri, 7 May 2021 13:48:12 +0000
Subject: [PATCH] Plugins: Escape the currently installed version number on Add
 Plugins screen.

The number is displayed in the plugin details modal if a newer version is already installed.

Props m0ze, bmcculley, ayeshrajans.
Fixes #53020.

git-svn-id: https://develop.svn.wordpress.org/trunk@50825 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/plugin-install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-admin/includes/plugin-install.php b/src/wp-admin/includes/plugin-install.php
index f7b65197bc..6aaf71b9ab 100644
--- a/src/wp-admin/includes/plugin-install.php
+++ b/src/wp-admin/includes/plugin-install.php
@@ -880,7 +880,7 @@ function install_plugin_information() {
 				break;
 			case 'newer_installed':
 				/* translators: %s: Plugin version. */
-				echo '<a class="button button-primary right disabled">' . sprintf( __( 'Newer Version (%s) Installed' ), $status['version'] ) . '</a>';
+				echo '<a class="button button-primary right disabled">' . sprintf( __( 'Newer Version (%s) Installed' ), esc_html( $status['version'] ) ) . '</a>';
 				break;
 			case 'latest_installed':
 				echo '<a class="button button-primary right disabled">' . __( 'Latest Version Installed' ) . '</a>';