[wp-hackers] Xss Vulnerability

Dougal Campbell dougal at gunters.org
Fri Dec 29 16:02:46 GMT 2006

Ryan Boren wrote:
> On 12/28/06, dabos <daboslab at gmail.com> wrote:
>> Hi Guys. Tell me more about this Xss Vulnerability for Wp 2.0.5 in
>> wp-admin/templates.php ?
>> [....]
> For your testing pleasure:
> http://wordpress.org/beta/wordpress-2.0.6-RC2.zip

Even before the patch, isn't it true that this hole could only be
exploited by a registered user who already had the 'edit_files'
privilege set on their profile?

Dougal Campbell <dougal at gunters.org>
