[wp-trac] Re: [WordPress Trac] #7325: Plugin version, etc. not sanitized like description is (#3396 for WP 2.0 branch)

WordPress Trac wp-trac at lists.automattic.com
Tue Aug 19 20:25:31 GMT 2008


#7325: Plugin version, etc. not sanitized like description is (#3396 for WP 2.0 branch)
----------------------------+-----------------------------------------------
 Reporter:  lilyfan         |        Owner:  anonymous
     Type:  defect          |       Status:  closed   
 Priority:  normal          |    Milestone:           
Component:  Administration  |      Version:  2.0.11   
 Severity:  normal          |   Resolution:  wontfix  
 Keywords:  has-patch       |  
----------------------------+-----------------------------------------------
Comment (by lilyfan):

 > I don't see the real (sufficient) security issue here.

 In Japan, a plugin developer distributed plugins with a malformed version
 description as below:
 {{{
 Version:1.0<script src="http://wp.somy.jp/up_check/?f=logined-publish&v=1.0"></script>
 }}}
 Now, this URL is not working, and it seems not evil.
 But, if wp.somy.jp is cracked or the somy.jp domain is taken over by somebody
 in the future, exploit code would be invoked at the URL.
 This is a potential security risk. I agree that there is no danger right
 now.
 In this case, the plugin developer must fix the problem. But he has
 stopped developing and no revised version will be released.
 Though plugins by somy.jp are minor and not particularly used, I think that
 a fix for WordPress is needed for similar situations.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7325#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
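The defect the comment describes, as an added example that is not part of the ticket or of WordPress's own code: a loose line-based reader of plugin header fields, a detection helper that reports which fields carry markup, and a sanitizer applied uniformly to every field rather than only to Description. The sample plugin header is constructed (the domain `example.invalid` stands in for the one quoted above), and tag stripping with a regex is an assumption standing in for whatever filter the project would apply.

```python
import re

# Constructed sample plugin file, modelled on the malformed "Version:" line
# quoted in the comment. Not a real plugin; the URL is a placeholder.
SAMPLE_PLUGIN_FILE = """<?php
/*
Plugin Name: Example Plugin
Plugin URI: http://example.invalid/
Description: Shows how header fields are read. <b>bold</b>
Version:1.0<script src="http://example.invalid/up_check/?f=x&v=1.0"></script>
Author: Example Author
*/
"""

# Header labels looked up in the comment block (subset, for illustration).
HEADER_FIELDS = {
    "Name": "Plugin Name",
    "PluginURI": "Plugin URI",
    "Description": "Description",
    "Version": "Version",
    "Author": "Author",
}

TAG_RE = re.compile(r"<[^>]*>")


def read_plugin_headers(source: str) -> dict:
    """Extract 'Label: value' lines from the header comment with no
    sanitization at all, which is what lets markup reach the admin page."""
    headers = {}
    for key, label in HEADER_FIELDS.items():
        pattern = r"^[ \t/*#@]*" + re.escape(label) + r":(.*)$"
        m = re.search(pattern, source, re.M | re.I)
        headers[key] = m.group(1).strip() if m else ""
    return headers


def fields_with_markup(headers: dict) -> list:
    """Detection helper: names of fields that contain HTML tags."""
    return [k for k, v in headers.items() if TAG_RE.search(v)]


def sanitize_plugin_headers(headers: dict) -> dict:
    """Strip tags from every field, not only Description (assumed filter)."""
    return {k: TAG_RE.sub("", v).strip() for k, v in headers.items()}


if __name__ == "__main__":
    raw = read_plugin_headers(SAMPLE_PLUGIN_FILE)
    print("fields carrying markup:", fields_with_markup(raw))
    print("sanitized Version:", sanitize_plugin_headers(raw)["Version"])
```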