• Hello, it appears that we have a vulnerability in WordPress on one of our sites. EX: We can enter http://<web site>/?s=%E2%80%98%3E%3Cscript%3Ealert%28%27yep%2C+vulnerable%27%29%3C%2Fscript%3E+

    and the code executes and displays a pop up message that says “Yep, vulnerable”. Any ideas on what I need to do to fix this? Thanks…

Viewing 4 replies - 1 through 4 (of 4 total)
  • Where's the blog, and what theme and what version of WP are you using? And what's your search.php look like?

    Thread Starter rolltidega

    (@rolltidega)

    WordPress 2.3.2
    Theme: Glued Ideas – Subtle 0.3 by Christopher Frazier
    search.php contents below:

    [Code moderated please use http://wordpress.pastebin.ca for pasting long code]

    Thread Starter rolltidega

    (@rolltidega)

    Just an FYI, this site was upgraded to 2.3.2 a few weeks back. We recently created a new WordPress 2.3.2 site 2 weeks ago using the same theme and it is not vulnerable to this exploit. So maybe something with the upgrade caused this?

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    No, an upgrade would not change things that significantly. I suspect that the theme is vulnerable in some way, but some difference between your theme on one site vs. the other mitigates the problem.
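One way to look for the difference between the two copies of the theme, as an added example that is not part of the original thread: a line-based heuristic that flags template lines printing the search term without an escaping call. The two template snippets are constructed for illustration (the poster's search.php is not shown on the page), and the use of `$s` and `$_GET['s']` as the raw sources is an assumption about how the theme reads the query.

```python
import re

# Escaping helpers that exist in WordPress/PHP. the_search_query() escapes its
# own output, so a line that uses it never touches the raw sources below.
ESCAPERS = ("attribute_escape", "wp_specialchars", "esc_attr", "esc_html",
            "htmlspecialchars")
# Assumed ways a theme template reaches the raw search term.
RAW_SOURCE = re.compile(r"""\$_(?:GET|REQUEST)\[\s*['"]s['"]\s*\]|\$s\b""")
# PHP output constructs: echo, print and the <?= short tag.
OUTPUT = re.compile(r"<\?=|\b(?:echo|print)\b")
ESCAPED = re.compile(r"\b(?:%s)\s*\(" % "|".join(ESCAPERS))


def find_unescaped_search_output(php_source):
    """Return (line_number, line) for lines that print the raw search term.

    Heuristic only: it works line by line and does not follow variables
    assigned on one line and printed on another.
    """
    findings = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        if (OUTPUT.search(line) and RAW_SOURCE.search(line)
                and not ESCAPED.search(line)):
            findings.append((number, line.strip()))
    return findings


# Constructed sample: prints the search term as-is (reflects markup).
VULNERABLE_TEMPLATE = """<h2>Search results for <?php echo $s; ?></h2>
<input type="text" name="s" value="<?php echo $_GET['s']; ?>" />
"""

# Constructed sample: same markup with the output escaped.
HARDENED_TEMPLATE = """<h2>Search results for <?php echo wp_specialchars($s); ?></h2>
<input type="text" name="s" value="<?php the_search_query(); ?>" />
"""

if __name__ == "__main__":
    for name, source in (("vulnerable", VULNERABLE_TEMPLATE),
                         ("hardened", HARDENED_TEMPLATE)):
        print(name, find_unescaped_search_output(source))
```

Running it over the same template files from both sites and comparing the findings shows which copy prints the query unescaped.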

  • The topic ‘XSS Vulnerability’ is closed to new replies.