[wp-hackers] Reputed XSS issue with WordPress (templates.php)
elharo at metalab.unc.edu
Tue Feb 13 17:59:21 GMT 2007
Alex Günsche wrote:
> With the same arguments, you could say that other managing actions which
> are triggered by a GET request are vulnerable to XSS attacks.
Very possibly they are. Managing actions should not be triggered by GET
requests. Full stop.
I doubt we've seen the last or the worst of these attacks.
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
More information about the wp-hackers