[wp-trac] [WordPress Trac] #4811: CSRF & XSS on some importers

WordPress Trac wp-trac at lists.automattic.com
Sat Aug 25 02:56:41 GMT 2007

#4811: CSRF & XSS on some importers
 Reporter:  xknown    |       Owner:  anonymous
     Type:  defect    |      Status:  new      
 Priority:  normal    |   Milestone:           
Component:  Security  |     Version:  2.3      
 Severity:  normal    |    Keywords:           
 On trunk, Ultimate Tag Warrior and Category to Tag Converter are
 vulnerable to CSRF and XSS.

 Proof of Concepts

  1. CSRF: Convert all categories to tags without user confirmation.

  2. XSS: Someone has commited code to debug wp-cat2tag converter:
 echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
  It allows XSS attacks:

Ticket URL: <http://trac.wordpress.org/ticket/4811>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list