[wp-hackers] Security. Forum post - 2.0.1 has holes

Gustavo Barron cicloid at idealabs.tk
Fri Mar 3 10:13:03 GMT 2006


Podz wrote:
> Sebastian Herp wrote:
>   
>> Podz wrote:
>>     
>>> Can I suggest a Dev Blog post today that will kill this security crap in
>>> the forums, or the release of a fixed up 2.0.2 ?
>>>
>>> I don't think ignoring this stuff is the best approach.
>>>       
>> Why not? It's a false alarm. I tried it and it only works as admin. Why
>> should I hack a blog, when I am already an admin ... big deal!
>>     
>
> Do you think I ask for this because I'm bored and can't think of
> anything else to do on a Thursday? Do you realise how incredibly
> annoying this is when we have to continually defend WordPress? Do you
> realise how many times this has happened before and that we KNOW a post
> by Matt shuts them all up? No? Right, trust me okay?
>
> I'll be honest though - if it wasn't for the dashboard I think something
> may well have been posted.
>
> P.
>   
In the Spanish-speaking community, people started linking this "XSS" and
giving the project a little bad publicity. As for myself, I just
discovered these posts on many blogs, and started explaining that there
isn't any threat in this. But well, we really need to put this on the
dev blog.

