[wp-hackers] Xss Vulnerability
dougal at gunters.org
Fri Dec 29 16:02:46 GMT 2006
Ryan Boren wrote:
> On 12/28/06, dabos <daboslab at gmail.com> wrote:
>> Hi Guys. Tell me more about this Xss Vulnerability for Wp 2.0.5 in
>> wp-admin/templates.php ?
> For your testing pleasure:
Even before the patch, isn't it true that this hole could only be
exploited by a registered user who already had the 'edit_files'
privilege set on their profile?
Dougal Campbell <dougal at gunters.org>
More information about the wp-hackers