[wp-hackers] Moved from BlogWare to WordPress - Need Help

[Paul Mitchell]

Sean Hickey wrote:

Hello Sean. I raised the alarm.

> So unless I'm missing something, any security holes in the plugin also
> exists in the core of WP, which kind of makes
> a security hole in the plugin a mute point.
There is no referer check that I can see. Your plugin directly UPDATEs
the database instead of calling wp_update_post().

-- 
Paul Mitchell, Coding and Crafting Quality Software
http://www.libertini.net/libertus/category/software/