[wp-hackers] Xss Vulnerability

Dougal Campbell dougal at gunters.org
Fri Dec 29 16:02:46 GMT 2006


Ryan Boren wrote:
> On 12/28/06, dabos <daboslab at gmail.com> wrote:
>>
>> Hi Guys. Tell me more about this Xss Vulnerability for Wp 2.0.5 in
>> wp-admin/templates.php ?
>> [....]
>
> For your testing pleasure:
>
> http://wordpress.org/beta/wordpress-2.0.6-RC2.zip

Even before the patch, isn't it true that this hole could only be
exploited by a registered user who already had the 'edit_files'
privilege set on their profile?

-- 
Dougal Campbell <dougal at gunters.org>
http://dougal.gunters.org/


