I've run across something that I think presents a potential security issue inside the admin section of WordPress.
While handling some of the spam comments that we receive, I noted the url section where their "website" would have been entered.
I hovered over it to see where it might <actually> be pointing, and was surprised to see a "popup preview".
- that would mean that some content was being pulled down from their website (had they entered one). If it was a link to malware, it would pull down the malware to our server?
Here is a screenshot to illustrate
We are a network security firm, and I wanted to bring this up, as we have to look at these issues (like when Firefox first "pre-pulled" Google search result content to "speed up search" - and we deactivated it).