[wp-hackers] Moved from BlogWare to WordPress - Need Help
wp-hackers at paul-mitchell.me.uk
Sat May 20 10:11:42 GMT 2006
Sean Hickey wrote:
Hello Sean. I raised the alarm.
> So unless I'm missing something, any security holes in the plugin also
> exists in the core of WP, which kind of makes
> a security hole in the plugin a mute point.
There is no referer check that I can see. Your plugin directly UPDATEs
the database instead of calling wp_update_post().
Paul Mitchell, Coding and Crafting Quality Software
More information about the wp-hackers