[wp-hackers] Matt's site hacked?

Mark Jaquith mark.wordpress at txfx.net
Thu Jun 8 05:51:29 GMT 2006

On Jun 8, 2006, at 12:48 AM, Matt Mullenweg wrote:

> It was a pretty lame password, sorry. Sometimes I just get lazy.  
> From what I can tell there were no WP exploits used, it was just  
> the login form.

I had a moment of panic there.  What if the Dashboard didn't protect  
against HTML injection?  Someone could compromise every WP install in  
the world!  But it's okay, this is airtight:  :-)

> <li><a href='<?php echo wp_filter_kses($item['link']); ?>'><?php  
> echo wp_specialchars($item['title']); ?></a></li>

Mark Jaquith

More information about the wp-hackers mailing list