[wp-hackers] XSS Vulnerability reported by a french geek
r at robm.me.uk
Tue May 29 16:08:17 GMT 2007
On 29/05/07, Aaron Brazell <abrazell at b5media.com> wrote:
> I still still still don't see this as an actual flaw. unfiltered_html
> is a capability that an administrator should have. If the person has
> administrative rights, well they can delete the whole blog. Is that
> classified as a security risk too?
I agree, but out of interest why don't we nonce comments? It seems
like we could stop a lot of comment spam and seal up this kind of
vulnerability if we did.
Theme compatibility issues?
email - rob at graphics.net
web - http://www.graphics.net/ | http://robm.me.uk/
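As an added illustration of the "nonce comments" idea floated above (this is example code written for this page, not WordPress code and not from the poster), the snippet below implements a stand-alone comment-form token in the same spirit as WordPress's own wp_create_nonce()/wp_verify_nonce(): an HMAC over the action name, a per-visitor identifier and a time window, emitted as a hidden field and checked before a comment is stored. The secret, the visitor identifier and the 12-hour lifetime are assumptions chosen for the demo.

```php
<?php
// Added example: a self-contained comment-form nonce, modelled on the
// WordPress nonce scheme but implemented here from scratch.
// Assumptions: a server-side secret ($secret), a per-visitor identifier
// ($visitorId, e.g. a user id or session id) and a 12-hour validity window.

const NONCE_LIFE = 12 * 3600;   // seconds a token stays valid (two ticks)

// Current "tick": tokens are bound to half-lifetime windows so a form that
// sat open across a boundary still verifies in the following window.
function nonceTick(?int $now = null): int {
    $now = $now ?? time();
    return (int) ceil($now / (NONCE_LIFE / 2));
}

// Keyed token bound to action + visitor + time window (last 12 hex chars of the HMAC).
function createNonce(string $secret, string $action, string $visitorId, ?int $now = null): string {
    $tick = nonceTick($now);
    return substr(hash_hmac('sha256', "$tick|$action|$visitorId", $secret), -12, 12);
}

// Accept the token for the current tick or the previous one; everything else
// (wrong action, other visitor, stale window, tampered value) is rejected.
function verifyNonce(string $secret, string $nonce, string $action, string $visitorId, ?int $now = null): bool {
    $tick = nonceTick($now);
    foreach ([$tick, $tick - 1] as $t) {
        $expected = substr(hash_hmac('sha256', "$t|$action|$visitorId", $secret), -12, 12);
        if (hash_equals($expected, $nonce)) {   // constant-time comparison
            return true;
        }
    }
    return false;
}

// Hidden field the comment form carries; the comment handler refuses to
// store a comment whose submitted _comment_nonce fails verifyNonce().
function commentNonceField(string $secret, string $visitorId): string {
    $nonce = createNonce($secret, 'post-comment', $visitorId);
    return '<input type="hidden" name="_comment_nonce" value="'
        . htmlspecialchars($nonce, ENT_QUOTES) . '">';
}

// Demo with a constructed secret and visitor id (placeholder values).
$secret  = 'constructed-demo-secret-change-me';
$visitor = 'session:abc123';
echo commentNonceField($secret, $visitor), PHP_EOL;

$token = createNonce($secret, 'post-comment', $visitor);
var_dump(verifyNonce($secret, $token, 'post-comment', $visitor));                               // same action and visitor
var_dump(verifyNonce($secret, $token, 'delete-post', $visitor));                                // different action
var_dump(verifyNonce($secret, $token, 'post-comment', 'session:other'));                        // different visitor
var_dump(verifyNonce($secret, $token, 'post-comment', $visitor, time() + 2 * NONCE_LIFE));      // outside the window
```

The point of binding the token to the visitor and the action is that a form submission crafted elsewhere cannot carry a valid value, so a logged-in user with unfiltered_html cannot be made to post markup they never typed; the comment handler should treat a missing or failing token exactly like a rejected submission. Themes that render their own comment form would need to emit the hidden field, which is the compatibility question the message raises.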