[wp-hackers] XSS Vulnerability reported by a french geek

Rob r at robm.me.uk
Tue May 29 16:08:17 GMT 2007


On 29/05/07, Aaron Brazell <abrazell at b5media.com> wrote:
> I still still still don't see this as an actual flaw. unfiltered_html
> is a capability that an administrator should have. If the person has
> administrative rights, well they can delete the whole blog. Is that
> classified as a security risk too?

I agree, but out of interest why don't we nonce comments? It seems
like we could stop a lot of comment spam and seal up this kind of
vulnerability if we did.

Theme compatibility issues?

-- 
Rob

-----------------------
Rob Miller
Senior Programmer

email - rob at graphics.net
web - http://www.graphics.net/ | http://robm.me.uk/
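What "noncing" the comment form would look like in practice, as an added illustration and not code from this thread or from WordPress core: a small plugin that stamps the comment form with a nonce and refuses submissions whose token does not verify. The hook names `comment_form` and `pre_comment_on_post`, and the prefix `cn_`, are assumptions about where such a check would be attached.

```php
<?php
/*
Plugin Name: Comment nonce (added example, not part of the original thread)
*/

// Emit a hidden nonce field inside the comment form. Assumption: the theme's
// comments.php fires the 'comment_form' action where the field should land.
function cn_add_comment_nonce() {
    wp_nonce_field( 'cn_post_comment', 'cn_comment_nonce' );
}
add_action( 'comment_form', 'cn_add_comment_nonce' );

// Reject the submission before WordPress processes it unless the token round-trips.
// Assumption: 'pre_comment_on_post' runs before the comment is inserted.
function cn_verify_comment_nonce( $comment_post_id ) {
    $nonce = isset( $_POST['cn_comment_nonce'] ) ? $_POST['cn_comment_nonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'cn_post_comment' ) ) {
        // A forged or scripted POST that never loaded the form has no valid token.
        wp_die( 'Comment rejected: missing or invalid form token.' );
    }
}
add_action( 'pre_comment_on_post', 'cn_verify_comment_nonce' );
```

This blocks a comment POST that was not preceded by a render of the form, which is the cross-site vector the thread is discussing; it does little against spam from logged-out bots, since WordPress nonces for anonymous visitors are not bound to a particular visitor and a bot can simply fetch the form first.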

