[wp-forums] jetpack exposes css-optimiser form

Otto otto at ottodestruct.com
Thu Jan 3 06:24:59 UTC 2013


That code should indeed be removed from Jetpack since it's vulnerable
to a CSS attack, but it's not a threat to WordPress itself. It would
be extremely difficult to leverage that into a hacked site, and would
require a gullible administrator as well.

-Otto


On Wed, Jan 2, 2013 at 11:40 PM, Michael Atkins
<michael at cubecolour.co.uk> wrote:
> Adonis Nafeh has flagged up a concern he has with Jetpack
>
> http://wordpress.org/support/topic/vulnerability-possible-vulnerability-in-jetpack-custom-css
>
> I tried to reach the css_optimiser.php page he mentioned in one of my own installs & got a 404; however, I have since found that even with Jetpack not active, a non-logged-in user can still load up that page on other sites.
>
> Does this look like it is anything to worry about, or is it a red herring?
>
> Michael
> @cubecolour
>
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums

