[wp-hackers] Reputed XSS issue with WordPress (templates.php)

Elliotte Harold elharo at metalab.unc.edu
Tue Feb 13 17:59:21 GMT 2007

Alex Günsche wrote:

> With the same arguments, you could say that other managing actions which
> are triggered by a GET request are vulnerable to XSS attacks.

Very possibly they are. Managing actions should not be triggered by GET 
requests. Full stop.

I doubt we've seen the last or the worst of these attacks.

Elliotte Rusty Harold  elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!

More information about the wp-hackers mailing list