Wordpress 3.0.4 XSS critical update

cd34 · 2010-12-29, 08:17 PM

changeset

http://core.trac.wordpress.org/chang...2/branches/3.0

basically, anywhere someone can enter input that might contain html.. comments, bio, posts, etc. can be exploited.

Bill · 2010-12-29, 08:35 PM

Damn, you gotta be some sort of frikking genius or savant to understand that page.

But sounds fucked up.

What happens if you have comments set to approve only? Does the exploit still get you?

2010-12-29, 08:17 PM	#1
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	changeset http://core.trac.wordpress.org/chang...2/branches/3.0 basically, anywhere someone can enter input that might contain html.. comments, bio, posts, etc. can be exploited. __________________ SnapReplay.com a different way to share photos - iPhone & Android

2010-12-29, 08:35 PM	#2
Bill Selling porn allows me to stay in a constant state of Bliss - ain't that a trip! Join Date: Apr 2003 Posts: 3,914	Damn, you gotta be some sort of frikking genius or savant to understand that page. But sounds fucked up. What happens if you have comments set to approve only? Does the exploit still get you?