[wp-trac] Re: [WordPress Trac] #5313: no user checking if the
"post_type" is set to page
WordPress Trac
wp-trac at lists.automattic.com
Sun Feb 3 15:12:26 GMT 2008
#5313: no user checking if the "post_type" is set to page
-----------------------------+----------------------------------------------
Reporter: Columcille | Owner: josephscott
Type: defect | Status: new
Priority: highest omg bbq | Milestone: 2.3.3
Component: Security | Version: 2.3.1
Severity: blocker | Resolution:
Keywords: |
-----------------------------+----------------------------------------------
Comment (by cbdilger):
I've had mysterious spam-type content added to posts, as I noted above
("iframe" content) [http://wordpress.org/support/topic/151368 and here
("noscript" content)]. And here's
[http://wordpress.org/support/topic/154139 a similar issue ("noscript")].
The [http://wordpress.org/support/topic/134928/ support thread referenced
by lloydbudd] mentions users as part of the exploit. Has that been
confirmed? I haven't had any unexplained user registrations to my weblog
(I know all the registrants). In fact, in the times I've been hit, I
haven't seen any new user registrations.
Thanks, Bradley
--
Ticket URL: <http://trac.wordpress.org/ticket/5313#comment:19>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list