Support » Requests and Feedback » Possible Cross Scripting Vulnerability?

Viewing 7 replies - 1 through 7 (of 7 total)
  • esmi

    (@esmi)

    Forum Moderator

    Send an email with the details to security@wordpress.org.

    Done!

    Andrew Nacin

    (@nacin)

    Lead Developer

    This was reported to us last week. We’re still looking into it and will likely add a sanity check here, though we can currently determine that this is an extremely minor XSS issue and will not compromise an installation.

    For this to work, you would have to be an administrator on a single site install, or a super administrator on a multisite install, rendering the exploit pretty much useless as admins can do anything anyway. We also perform proper capability checks and most importantly a nonce and referer check, so it poses no CSRF or privilege escalation threat unless of course the server is already compromised for both the filesystem and database, at which point you’re toast anyway.

    Andrew Nacin

    (@nacin)

    Lead Developer

    For those wondering, this is fixed in WordPress 3.1.

    Roy

    (@gangleri)

    This DOES make me wonder if we can wait for 3.1 or when is that version due?

    Andrew Nacin

    (@nacin)

    Lead Developer

    As explained in my first comment, this vulnerability is simply not exploitable, hence why we’re not preparing a version 3.0.2.

    The hacks you’re seeing are server-level issues, not application-level. There are no known exploitable security vulnerabilities in WordPress and haven’t been in more than a year.

    Roy

    (@gangleri)

    Ah indeed, sorry and thanks.
