[Full-disclosure] WordPress Persistent XSS
Deepan
codeshepherd at gmail.com
Sat Dec 30 12:41:42 GMT 2006
On Wed, 2006-12-27 at 09:33 +0000, David Kierznowski wrote:
> Vulnerability Title: WordPress Persistent XSS
> Author: David Kierznowski
> Homepage: http://michaeldaw.org
> Software Vendor: WordPress Persistent XSS
> Versions affected: Confirmed in v2.0.5 (latest)
>
> See homepage for more details.
>
> WordPress was contacted: 26/12/06 22:04 BST
> Reply received: 27/12/06 06:11 BST
> WordPress has fixed this for v2.0.6, see
> http://trac.wordpress.org/changeset/4665
Dont you need admin privileges to access the templates.php url ?
I am overseeing anything ?
--
-----------------------------------------------
Regards
Deepan Chakravarthy N
http://www.codeshepherd.com/
http://sudoku-solver.net/
Full-Disclosure is hosted and sponsored by Secunia.