[wp-trac] Re: [WordPress Trac] #7325: Plugin version, etc. not sanitized like description is (#3396 for WP 2.0 branch)

WordPress Trac wp-trac at lists.automattic.com
Wed Aug 13 15:45:08 GMT 2008


#7325: Plugin version, etc. not sanitized like description is (#3396 for WP 2.0
branch)
----------------------------+-----------------------------------------------
 Reporter:  lilyfan         |        Owner:  anonymous
     Type:  defect          |       Status:  closed   
 Priority:  normal          |    Milestone:           
Component:  Administration  |      Version:  2.0.11   
 Severity:  normal          |   Resolution:  wontfix  
 Keywords:  has-patch       |  
----------------------------+-----------------------------------------------
Changes (by lloydbudd):

  * status:  reopened => closed
  * resolution:  => wontfix

Comment:

 Replying to [comment:2 lilyfan]:
 > The XSS is caused at the plugins list panel of site admin screen, not
 > weblog view.
 > A bad plugin can carry out an evil script for admin users.

 Which only admins have access to.

 An admin has already uploaded it. Activation is the next, *immediate*
 step.

 I don't see the real (sufficient) security issue here. Re-closing won't
 fix.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7325#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software