[wp-hackers] FW: [Full-disclosure] WordPress AdminPanel CSRF/XSS
- 0day
Mark Jaquith
mark.wordpress at txfx.net
Tue Feb 27 14:49:28 GMT 2007
On Feb 27, 2007, at 9:13 AM, Dr. Mike Wendell wrote:
> *chuckle* And folks wonder why iframes get stripped out in wpmu and
> wp.com.
The iframe isn't a necessary part of the exploit, and would be on the
malicious site (not the WP site) anyway. WPMU was vulnerable too
(Donncha just patched it 4 hours ago).
--
Mark Jaquith
http://markjaquith.com/
Covered Web Services
http://coveredwebservices.com/
More information about the wp-hackers
mailing list