WordPress HTML Injection Vulnerability
By Reaper-X on Jan 1, 2007 in Computer Security, Freeware, Network and Security, Open Source, PHP, Software, Wordpress
Wow .. I just got back .. and I read some very interesting news about the recent WordPress HTML injection vulnerability that exists in several .. um .. almost all versions of WordPress below 2.0.6 (well, I don't know anything about the 1.x series of WordPress because I have never used it before).
Fortunately, there is already a fix for this problem: apply the latest patch from WordPress Trac to the templates.php file in your wp-admin directory.
As a note, if you want to see a proof of concept for this WordPress issue, you can go to David Kierznowski's homepage and see it for yourself.
And yet another note: WordPress 2.0.6 RC2 has been released (from the WP-Testers mailing list), and this new release candidate already includes a fix for this problem.

This is my first post
just saying HI