[wp-hackers] Critical WP Flaw?
ryan at boren.nu
Thu Jul 27 08:41:01 GMT 2006
Computer Guru wrote:
>> See my previous. The problem is with plugins that don't check caps.
>>> 2) _Official_ threat level, just how serious is it?
>> If plugins don't check caps, it can be very serious.
> Thanks for being here Ryan,
> I don't understand. Dr. Dave's post _doesn't_ allude to plugins, it says it's a WP threat in general. So it's not? Like, if I have no plugins, I'm safe? The WP-Core isn't affected?
> Then, pardon my asking, what's the veil of secrecy for if it's a plugin vulnerability?
The plugins still need to be fixed, so a little secrecy is in order even
though this thread has probably given up the game already.
Regardless of this bug, 2.0.4 is a security release. Let's test the
beta and get it out there.
More information about the wp-hackers