[wp-testers] Upgrade 2.0.2 to 2.0.4

Viper007Bond lists at viper007bond.com
Sun Jul 30 10:22:08 GMT 2006


Robert Deaton wrote:
> On 7/29/06, Viper007Bond <lists at viper007bond.com> wrote:
>> As for that supposed security issue, it's kinda a "dur". I mean, of
>> course there are going to be problems if you allow users to register and
>> have it set to auto-promote them to an admin or something like that.
>> That's not an exploit, that's just stupidity.
> 
> Uhm, the security issue is that WordPress didn't properly validate
> plugin page caps for unprivileged users, meaning someone with
> absolutely no caps could access plugin pages that may let them take
> over the blog, depending on the plugin.

Oh, whoops, guess I didn't read the URL well enough.

And isn't that the fault of bad plugin coding, not WordPress' fault? I 
mean, as a plugin coder, I check the current user's permissions when 
doing important things.

> No matter how small the corner case, don't publicly discount the
> validity, people need to upgrade, and when they don't because someone
> told them the vulnerability which their blog was taken down through
> was a joke, we'll never hear the end of it.

Oh, no, I wasn't saying people don't need to upgrade. Far from it -- I'm 
getting all of my friends to run the latest version. :)

-Viper
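As an added illustration (not code from this thread or from WordPress itself) of the plugin-side permission check Viper describes, here is a minimal settings page that declares a capability when registering its menu entry and then re-checks that capability inside the page callback and again before any state-changing action. The re-check is what protects a plugin when the core menu-capability validation is incomplete, as the thread says it was for the affected release. It uses the current WordPress plugin API (`add_options_page`, `current_user_can`, `check_admin_referer`, `wp_nonce_field`); the plugin, option and slug names prefixed `excap_` are assumed names chosen for this example.

```php
<?php
/*
Plugin Name: Example Capability Check (illustration only, not a published plugin)
*/

// Register a page under Settings. The third argument is the capability that
// core checks before listing and serving the page; administrators hold
// 'manage_options' by default.
function excap_register_menu() {
    add_options_page(
        'Example Settings',   // page title
        'Example',            // menu title
        'manage_options',     // required capability
        'excap-settings',     // menu slug (assumed name)
        'excap_render_page'   // callback that renders the page
    );
}
add_action( 'admin_menu', 'excap_register_menu' );

// The callback does not trust the menu registration alone: it checks the
// capability itself and stops with an error page if the user lacks it.
function excap_render_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You do not have sufficient permissions to access this page.' );
    }

    if ( isset( $_POST['excap_submit'] ) ) {
        // A state-changing request: verify the nonce (rejects forged
        // cross-site requests) and the capability once more before writing.
        check_admin_referer( 'excap_save_settings' );
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( 'Insufficient permissions.' );
        }
        $value = sanitize_text_field( wp_unslash( $_POST['excap_message'] ) );
        update_option( 'excap_message', $value );   // assumed option name
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $message = esc_attr( get_option( 'excap_message', '' ) );
    echo '<div class="wrap"><h2>Example Settings</h2>';
    echo '<form method="post">';
    wp_nonce_field( 'excap_save_settings' );
    echo '<p><label>Message: <input type="text" name="excap_message" value="' . $message . '" /></label></p>';
    echo '<p><input type="submit" class="button-primary" name="excap_submit" value="Save" /></p>';
    echo '</form></div>';
}
```

The pattern to take from it is that a plugin's own `current_user_can()` call at the top of every admin callback, plus a nonce check before each write, keeps the page safe even if core's menu-level capability enforcement has a gap; the menu capability then becomes one layer rather than the only one.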

