[wp-forums] moderated security thread
Chris Kasten
handy.solo at gmail.com
Thu Jun 24 18:56:21 UTC 2010
Done and Done.
On Thu, Jun 24, 2010 at 12:43 PM, James Huff <macmanx at gmail.com> wrote:
> Then I'm glad you're on this list! I've had trouble with this account going
> to spam, kind of disheartening. :(
>
> Can anyone else re-open this and post the link that Peter mentioned? I'll
> be away for a while.
>
> Happy iPhone Line Day!
>
> ________
> James Huff
> http://www.macmanx.com
> http://programnotes.wikia.com
>
> On Jun 24, 2010, at 11:15 AM, Peter Westwood <peter.westwood at ftwr.co.uk>
> wrote:
>
> >
> > On 24 Jun 2010, at 15:16, James Huff wrote:
> >
> >> I reported it to the security email, included the view all link, and deleted the topic to remove it from public view.
> >>
> >> It wouldn't hurt if someone else reported it too. "The squeaky wheel gets the grease."
> >>
> >> ________
> >> James Huff
> >> http://www.macmanx.com
> >> http://programnotes.wikia.com
> >>
> >> On Jun 24, 2010, at 6:30 AM, mrmist <listswptesters at mist.org.uk> wrote:
> >>
> >>> Hi folk
> >>>
> >>> I noticed that this thread http://wordpress.org/support/topic/414556?replies=3&view=all was moderated out. Was it a red herring, or if not a red herring did whoever moderated it out report the issue? Just wanting to make sure it's properly dealt with if it is a real risk.
> >>>
> >
> > Not seen the email to security@ it may have got lost in the spam noise though.
> >
> > This reads very much like the standard report of XSS issues which are only present when you are logged in as an admin as you are inherently a trusted user.
> >
> > The place to point the user is this FAQ entry -
> > http://codex.wordpress.org/Security_FAQ#Why_are_some_users_allowed_to_post_unfiltered_HTML.3F
> >
> > Then ask them to report to security@ if they find a real issue using a non-admin / editor user
> >
> > Cheers
> > --
> > Peter Westwood
> > http://blog.ftwr.co.uk | http://westi.wordpress.com
> > C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
> >
> > _______________________________________________
> > wp-forums mailing list
> > wp-forums at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-forums