[wp-hackers] FW: [Full-disclosure] WordPress AdminPanel CSRF/XSS - 0day

Mark Jaquith mark.wordpress at txfx.net
Tue Feb 27 14:49:28 GMT 2007

On Feb 27, 2007, at 9:13 AM, Dr. Mike Wendell wrote:

> *chuckle* And folks wonder why iframes get stripped out in wpmu and  
> wp.com.

The iframe isn't a necessary part of the exploit, and would be on the  
malicious site (not the WP site) anyway.  WPMU was vulnerable too  
(Donncha just patched it 4 hours ago).

Mark Jaquith

Covered Web Services

More information about the wp-hackers mailing list