[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] WordPress Persistent XSS

To: David Kierznowski <david.kierznowski@xxxxxxxxx>
Subject: Re: [Full-disclosure] WordPress Persistent XSS
From: Deepan <codeshepherd@xxxxxxxxx>
Date: Sat, 30 Dec 2006 20:41:42 +0800

On Wed, 2006-12-27 at 09:33 +0000, David Kierznowski wrote:
> Vulnerability Title: WordPress Persistent XSS
> Author: David Kierznowski
> Homepage: http://michaeldaw.org
> Software Vendor: WordPress Persistent XSS
> Versions affected: Confirmed in v2.0.5 (latest)
> 
> See homepage for more details.
> 
> WordPress was contacted: 26/12/06 22:04 BST
> Reply received: 27/12/06 06:11 BST
> WordPress has fixed this for v2.0.6, see
> http://trac.wordpress.org/changeset/4665

Dont you need admin privileges to access the templates.php url ? 
I am overseeing anything ? 

-- 
-----------------------------------------------
Regards
Deepan Chakravarthy N
http://www.codeshepherd.com/
http://sudoku-solver.net/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] WordPress Persistent XSS
  - From: David Kierznowski

References:
- [Full-disclosure] WordPress Persistent XSS
  - From: David Kierznowski

Prev by Date: [Full-disclosure] hello
Next by Date: [Full-disclosure] n3td3v's year in brief: 2006
Previous by thread: [Full-disclosure] WordPress Persistent XSS
Next by thread: Re: [Full-disclosure] WordPress Persistent XSS
Index(es):
- Date
- Thread