[wp-hackers] SQL injection

Denis de Bernardy denis at mesoconcepts.com
Thu Dec 6 01:22:47 GMT 2007

I've tried with the example's url, including after urlencoding and
rawurlencoding it. The best I get is a WP database error
(http://trac.wordpress.org/ticket/5185). Which is arguably not good, since
the error comes from the translation of ' characters to their html entity
equivalent. But not worth being alarmed from as far as I can tell.

I'm curious to know the security folks' opinion on this though. Is this a
false alarm? Or are we going to have a 2.3.2 release in the next couple


More information about the wp-hackers mailing list