Forums

WordPress › Support » Requests and Feedback

[resolved] WordPress 3.3.1 Code Execution / Cross Site Scripting (4 posts)

  1. Raoul
    Member
    Posted 4 months ago #

    WordPress <= 3.3.1 Multiple Vulnerabilities

    http://www.exploit-db.com/exploits/18417/

  2. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 4 months ago #

    For the love of monkeys, PLEASE READ http://codex.wordpress.org/Security_FAQ

    DO NOT POST SUSPECTED EXPLOITS IN THE FORUMS!

    I've delete Xiderowg's post and passed it on.

  3. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 4 months ago #

    Official response:

    "We give priority to a better user experience at the install process. It is
    unlikely a user would go to the trouble of installing a copy of WordPress
    and then not finishing the setup process more-or-less immediately. The
    window of opportunity for exploiting such a vulnerability is very small."

  4. Otto
    Tech Ninja
    Posted 4 months ago #

    All of the listed issues in that report require that WordPress's code be copied to a server and then not setup yet. After WordPress is setup and the wp-config.php file has been created, none of the given report is valid anymore.

Reply

You must log in to post.

About this Topic

Tags