Someone posted this article:
And I did find something, it was related to CSRF. I wrote the general idea up an entry1 and a follow-up to it2. Of course with no mention of any specific software. In a Nutshell: I could have tried to delete entries on your weblog, just by you viewing this page â€“ no matter your browser-vendor or settings. The success would not have been guaranteed, since it would have required that you had to be logged in to your site, or using the auto-login-feature â€“ that however is not a rare condition. IMHO this was a pretty serious issue.
It appears to be something of the Cookie Grabber genre, but I am just wondering if this is a hypothetical issue, is it restricted to IE since that browser has so many holes in it anyway?
What concerns me most about this is the inability to backup.
- The topic ‘Does WP allow hacking?’ is closed to new replies.