[wp-hackers] Rethinking check_admin_referer()
Michael D. Adams
mikea at turbonet.com
Tue Apr 18 21:11:40 GMT 2006
On Tue, 18 Apr 2006, David House wrote:
> 1) Admin writes a post.
> 2) Malicious user leaves a comment with an "image", whose source
> redirects to http://yoursite.com/wp-admin/post.php?action=delete&post=123
> 3) Admin logs in
> 4) Manage -> Comments
> 5) Post is deleted.
Have you tried this? KSES should filter out IMGs from users that don't
have the unfiltered_html capability.
Regardless, the draft issue mentioned previously is still there. As
mentioned by others, we should POST.
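As an added illustration of the fix the reply calls for (example code written for this page, not code from the thread or from WordPress itself): a state-changing admin action that refuses GET and additionally requires a token bound to the logged-in user, the specific action and a time window, so that a request forged through an image src in a comment cannot satisfy it. The secret key, the `nonce` parameter name and the delete handler are constructed for the example.

```python
import hmac
import hashlib
import time

SECRET = b"constructed-demo-secret"  # stands in for a site-wide secret key (assumption)
NONCE_LIFETIME = 12 * 3600           # seconds per validity window

def _tick(now):
    return int(now // NONCE_LIFETIME)

def _compute(user_id, action, tick):
    msg = f"{user_id}|{action}|{tick}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]

def create_nonce(user_id, action, now=None):
    """Token tied to the user, the action and the current time window."""
    now = time.time() if now is None else now
    return _compute(user_id, action, _tick(now))

def verify_nonce(nonce, user_id, action, now=None):
    """Accept the current or the previous window; compare in constant time."""
    now = time.time() if now is None else now
    for tick in (_tick(now), _tick(now) - 1):
        expected = _compute(user_id, action, tick)
        if hmac.compare_digest(nonce.encode(), expected.encode()):
            return True
    return False

def handle_delete_post(method, params, user_id, now=None):
    """Deletes only on a POST carrying a nonce for this user and this post.

    A GET reached via <img src=...> (the scenario quoted above) is refused
    before any state changes; a POST without a matching token is refused too.
    """
    if method != "POST":
        return "refused: state change requires POST"
    post_id = params.get("post")
    nonce = params.get("nonce", "")
    if not verify_nonce(nonce, user_id, f"delete-post_{post_id}", now):
        return "refused: bad or missing nonce"
    return f"deleted post {post_id}"
```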