Hello Bugtraq!
Regarding this XSS in WordPress 3.0.1
(http://www.securityfocus.com/archive/1/513101/30/30/threaded), I'll note
what I already wrote on my site last week, and already wrote to David:
that for the attack one needs to know the token (_wpnonce), which is designed to
protect

[MajorSecurity SA-080] WordPress 3.0.1 - Cross Site Scripting Issue

Details
=======
Product: WordPress 3.0.1
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.wordpress.org/
Advisory-Status: published

Credits
=======
Discovered by: David Vieira-Kurz