Security Issue – Popup Url Preview in Admin Section
-
Hi,
I’ve run across something that I think presents a potential security issue inside the admin section of WordPress.
While handling some of the spam comments that we receive, I noted the url section where their “website” would have been entered.
I hovered over it to see where it might <actually> be pointing, and was surprised to see a “popup preview”.
– that would mean that some content was being pulled down from their website (had they entered one). If it was a link to malware, it would pull down the malware to our server?
Here is a screenshot to illustrate
http://www.optrics.com/images/wordpress-spam-url-preview.gif
We are a network security firm, and I wanted to bring this up, as we have to look at these issues (like when Firefox first “pre-pulled” Google search result content to “speed up search” – and we deactivated it).
Thanks
David
- The topic ‘Security Issue – Popup Url Preview in Admin Section’ is closed to new replies.