[wp-trac] Re: [WordPress Trac] #7710: admin account exploit

WordPress Trac wp-trac at lists.automattic.com
Mon Sep 8 16:04:11 GMT 2008


#7710: admin account exploit
-----------------------------+----------------------------------------------
 Reporter:  jeremyclark13    |        Owner:  anonymous
     Type:  defect           |       Status:  new      
 Priority:  high             |    Milestone:  2.6.2    
Component:  Security         |      Version:  2.6.1    
 Severity:  critical         |   Resolution:           
 Keywords:  milworm exploit  |  
-----------------------------+----------------------------------------------
Comment (by Otto42):

 Replying to [comment:2 g30rg3x]:
 > This problem was already addressed in changeset
 [http://trac.wordpress.org/changeset/8748 8748] (for 2.6.x) and in
 [http://trac.wordpress.org/changeset/8704 8704] (for trunk).

 Bah. I liked my solution better. ;)

 However, that change is post-2.6.1, so the current latest released version
 is still vulnerable to this attack. 2.6.2 should get pushed out quickly
 because of this flaw, IMO.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7710#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list