[wp-hackers] Exploit, or no?

Ryan Boren ryan at boren.nu
Tue Jun 28 17:21:25 GMT 2005


On Tue, 2005-06-28 at 13:06 -0400, Scott Merrill wrote:
> This thread:
>   http://wordpress.org/support/topic/37482
> was last responded to by Ryan on Saturday.  Since then, some development
> work has occured on WordPress in the form of SVN check-ins for Mark
> Jaquith's get_id_by_permalink() work.
> 
> So, is there a confirmed vulnerability about which we should be
> concerned?  If so:

Yes.

> * are there any mitigating circumstances to lessen the threat?
> * are there any steps we can take to protect ourselves until an official
> update is released?

If we revealed that, we would be telling everyone where to look.

Hopefully we will be able to release the fix and 1.5.1.3 soon.

Ryan



More information about the wp-hackers mailing list