[wp-trac] Re: [WordPress Trac] #5313: no user checking if the "post_type" is set to page

WordPress Trac wp-trac at lists.automattic.com
Sat Feb 2 17:45:20 GMT 2008


#5313: no user checking if the "post_type" is set to page
-----------------------------+----------------------------------------------
 Reporter:  Columcille       |        Owner:  josephscott
     Type:  defect           |       Status:  new        
 Priority:  highest omg bbq  |    Milestone:  2.5        
Component:  Security         |      Version:  2.3.1      
 Severity:  blocker          |   Resolution:             
 Keywords:                   |  
-----------------------------+----------------------------------------------
Changes (by lloydbudd):

  * severity:  critical => blocker

Old description:

> There is no user checking if the "post_type" is set to page.
>
> Feb 2, 2008 http://wordpress.org/support/topic/134928 now describes a
> security issue in xml-rpc:
>
> A person has to already have an account on your blog, or be able to
> create an account (subscription)
>
> WORKAROUND: if enabled, disable subscription to your blog, or remove
> xmlrpc.php .
>
> http://wordpress.org/support/topic/134928/page/2#post-686510
> http://www.theseekerblog.com/?p=284
> http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/

New description:

 There is no user checking if the "post_type" is set to page.

 Feb 2, 2008 http://wordpress.org/support/topic/134928 now describes a
 security issue in xml-rpc:

 Although this ticket has been open for 3 months, the previous description
 and the discussion here, on the forums, and elsewhere did not identify the
 vector.

 A person has to already have an account on your blog, or be able to create
 an account (even just subscription) to abuse this bug.

 WORKAROUND: if enabled, disable account creation including subscription to
 your blog, or temporarily delete the file xmlrpc.php .

 http://wordpress.org/support/topic/134928/page/2#post-686510
 http://www.theseekerblog.com/?p=284
 http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5313#comment:14>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
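The ticket title describes the defect in one line: the XML-RPC post-creation path checks the caller's capability for posts but skips that check when the request sets post_type to page. The following is an added, schematic illustration written for this page; it is not WordPress code and not the patch that closed the ticket. The current_user_can() stub, the $example_caps global and the per-role capability lists are assumptions so the file runs outside WordPress; the capability names edit_posts and edit_pages are WordPress's real ones.

```php
<?php
// Added example, not WordPress code: a capability check that is skipped when
// post_type is 'page', beside a version that selects the required capability
// from the post_type actually requested.

// Stand-in for WordPress's current_user_can(). The caller's capabilities are
// held in a global for this example only; real WordPress resolves them from
// the logged-in user's role.
function current_user_can($cap) {
    global $example_caps;
    return in_array($cap, $example_caps, true);
}

// Vulnerable shape (schematic): the check only runs for ordinary posts, so a
// request carrying post_type => 'page' is never tested against anything.
function can_create_vulnerable(array $content) {
    $post_type = isset($content['post_type']) ? $content['post_type'] : 'post';
    if ($post_type !== 'page' && !current_user_can('edit_posts')) {
        return false;
    }
    return true;
}

// Hardened shape: every post_type maps to the capability it requires, and an
// unknown post_type is rejected rather than silently allowed.
function required_capability($post_type) {
    switch ($post_type) {
        case 'page':
            return 'edit_pages';
        case 'post':
        case '':
            return 'edit_posts';
        default:
            return null;
    }
}

function can_create_hardened(array $content) {
    $post_type = isset($content['post_type']) ? $content['post_type'] : 'post';
    $cap = required_capability($post_type);
    return $cap !== null && current_user_can($cap);
}

// Constructed request bodies, as the XML-RPC method would see them after the
// XML has been decoded into a struct.
$page_request = array('title' => 'Constructed example', 'post_type' => 'page');
$post_request = array('title' => 'Constructed example', 'post_type' => 'post');

// Assumed capability sets for two roles (illustrative, not the full lists).
$roles = array(
    'subscriber' => array('read'),
    'editor'     => array('read', 'edit_posts', 'edit_pages'),
);

foreach ($roles as $role => $caps) {
    $example_caps = $caps;
    printf("%-10s page: vulnerable=%s hardened=%s | post: vulnerable=%s hardened=%s\n",
        $role,
        can_create_vulnerable($page_request) ? 'allow' : 'deny',
        can_create_hardened($page_request) ? 'allow' : 'deny',
        can_create_vulnerable($post_request) ? 'allow' : 'deny',
        can_create_hardened($post_request) ? 'allow' : 'deny'
    );
}
```

The interesting row is the subscriber with post_type set to page: the vulnerable shape allows it because no check ever runs, while the hardened shape denies it for lack of edit_pages. The point generalises beyond page: any branch on a caller-supplied type must select a capability, not bypass the check, which is why the hardened version rejects unknown types outright.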

