[wp-hackers] Reputed XSS issue with WordPress (templates.php)
ryan at boren.nu
Tue Feb 13 17:34:41 GMT 2007
On 2/13/07, Alex Günsche <ag.ml2007 at zirona.com> wrote:
> On Tue, 2007-02-13 at 17:44 +0100, Bas Bosman wrote:
> > This can be triggered by users without the edit files capability. You just
> > have to trick somebody with that capability to click that specially
> > crafted link, by mailing a link or posting it in a comment for instance.
> Maybe so, but doesn't this fall into the "social engineering" category?
> With the same arguments, you could say that other managing actions which
> are triggered by a GET request are vulnerable to XSS attacks.
We protect this with a nonce and an AYS. There's nothing more we can do.
More information about the wp-hackers