[wp-forums] moderated security thread
James Huff
macmanx at gmail.com
Thu Jun 24 18:43:11 UTC 2010
Then I'm glad you're on this list! I've had trouble with this account going to spam, kind of disheartening. :(
Can anyone else re-open this and post the link that Peter mentioned? I'll be away for a while.
Happy iPhone Line Day!
________
James Huff
http://www.macmanx.com
http://programnotes.wikia.com
On Jun 24, 2010, at 11:15 AM, Peter Westwood <peter.westwood at ftwr.co.uk> wrote:
>
> On 24 Jun 2010, at 15:16, James Huff wrote:
>
>> I reported it to the security email, included the view all link, and deleted the topic to remove it from public view.
>>
>> It wouldn't hurt if someone else reported it too. "The squeaky wheel gets the grease."
>>
>> ________
>> James Huff
>> http://www.macmanx.com
>> http://programnotes.wikia.com
>>
>> On Jun 24, 2010, at 6:30 AM, mrmist <listswptesters at mist.org.uk> wrote:
>>
>>> Hi folk
>>>
>>> I noticed that this thread http://wordpress.org/support/topic/414556?replies=3&view=all was moderated out. Was it a red herring, or if not a red herring did whoever moderated it out report the issue? Just wanting to make sure it's properly dealt with if it is a real risk.
>>>
>
> Not seen the email to security@; it may have got lost in the spam noise though.
>
> This reads very much like the standard report of XSS issues which are only present when you are logged in as an admin as you are inherently a trusted user.
>
> The place to point the user is this FAQ entry - http://codex.wordpress.org/Security_FAQ#Why_are_some_users_allowed_to_post_unfiltered_HTML.3F
>
> Then ask them to report to security@ if they find a real issue using a non-admin / editor user
>
> Cheers
> --
> Peter Westwood
> http://blog.ftwr.co.uk | http://westi.wordpress.com
> C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
>
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums