[wp-hackers] Critical WP Flaw?

Ryan Boren ryan at boren.nu
Thu Jul 27 08:41:01 GMT 2006


Computer Guru wrote:
>> See my previous.  The problem is with plugins that don't check caps.
>>
>>> 2) _Official_ threat level, just how serious is it?
>> If plugins don't check caps, it can be very serious.
> 
> Thanks for being here Ryan, 
> 
> I don't understand. Dr. Dave's post _doesn't_ allude to plugins, it says it's a WP threat in general. So it's not? Like, if I have no plugins, I'm safe? The WP-Core isn't affected? 
> 
> Then, pardon my asking, what's the veil of secrecy for if it's a plugin vulnerability?

The plugins still need to be fixed, so a little secrecy is in order even 
though this thread has probably given up the game already.

Regardless of this bug, 2.0.4 is a security release.  Let's test the 
beta and get it out there.

Ryan



More information about the wp-hackers mailing list