WordPress.org

Forums

[resolved] WordPress 3.3.1 Code Execution / Cross Site Scripting (4 posts)

  1. Raoul
    Member
    Posted 3 years ago #

    WordPress <= 3.3.1 Multiple Vulnerabilities

    http://www.exploit-db.com/exploits/18417/

  2. For the love of monkeys, PLEASE READ http://codex.wordpress.org/Security_FAQ

    DO NOT POST SUSPECTED EXPLOITS IN THE FORUMS!

    I've delete Xiderowg's post and passed it on.

  3. Official response:

    "We give priority to a better user experience at the install process. It is
    unlikely a user would go to the trouble of installing a copy of WordPress
    and then not finishing the setup process more-or-less immediately. The
    window of opportunity for exploiting such a vulnerability is very small."

  4. All of the listed issues in that report require that WordPress's code be copied to a server and then not setup yet. After WordPress is setup and the wp-config.php file has been created, none of the given report is valid anymore.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags