[wp-trac] [WordPress Trac] #4720: Users without unfiltered_html
capability can post arbitrary html
WordPress Trac
wp-trac at lists.automattic.com
Thu Aug 9 16:32:26 GMT 2007
#4720: Users without unfiltered_html capability can post arbitrary html
----------------------+-----------------------------------------------------
Reporter: xknown | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone:
Component: Security | Version: 2.2.2
Severity: normal | Keywords:
----------------------+-----------------------------------------------------
The user only needs to tamper data sent to post.php or page.php and add a
field named `no_filter` with any value.
--
Ticket URL: <http://trac.wordpress.org/ticket/4720>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list