[wp-trac] Re: [WordPress Trac] #4344: new vulnerability in WordPress

WordPress Trac wp-trac at lists.automattic.com
Sun May 27 04:47:31 GMT 2007


#4344: new vulnerability in WordPress
-----------------------+----------------------------------------------------
 Reporter:  PsychoGun  |        Owner:  anonymous
     Type:  defect     |       Status:  closed   
 Priority:  normal     |    Milestone:           
Component:  Security   |      Version:           
 Severity:  normal     |   Resolution:  invalid  
 Keywords:             |  
-----------------------+----------------------------------------------------
Changes (by g30rg3x):

  * priority:  highest omg bbq => normal
  * status:  new => closed
  * resolution:  => invalid

Comment:

 You need the "_wp_unfiltered_html_comment" token to get the admin
 posting data with no filtering, and obviously to get your XSS to work...
 So if you test your PoC you will see there is no security breach...

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4344#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

