[wp-trac] Re: [WordPress Trac] #4627: Link manager exploit?

WordPress Trac wp-trac at lists.automattic.com
Wed Oct 24 08:03:31 GMT 2007


#4627: Link manager exploit?
----------------------+-----------------------------------------------------
 Reporter:  cbdilger  |        Owner:  pishmishy
     Type:  defect    |       Status:  reopened 
 Priority:  high      |    Milestone:  2.0.12   
Component:  Security  |      Version:  2.2      
 Severity:  normal    |   Resolution:           
 Keywords:            |  
----------------------+-----------------------------------------------------
Comment (by westi):

 Replying to [comment:21 ryan]:
 > hmmm, add_link()/edit_link() already did a cap check, so I think our
 > patch didn't really change anything.

 Agreed.

 I noticed those first when I went to look at branches/2.0.
 From what I can tell from reading through both the ajax and non-ajax
 routes you need a user with manage_links to achieve adding a link.

 This is beginning to feel like someone has either stolen the cookies from
 a high level user _or_ found a way to create a high level user - I can't
 see any vector for that from the code reviewing I have done.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4627#comment:22>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

