[wp-trac] [WordPress Trac] #28610: Persistent XSS and CSRF on wordpress 3.9.1

WordPress Trac noreply at wordpress.org
Sat Jun 21 15:46:37 UTC 2014


#28610: Persistent XSS and CSRF on wordpress 3.9.1
---------------------------+-----------------------------
 Reporter:  avinash_thapa  |      Owner:
     Type:  defect (bug)   |     Status:  new
 Priority:  normal         |  Milestone:  Awaiting Review
Component:  General        |    Version:  3.9.1
 Severity:  normal         |   Keywords:
  Focuses:                 |
---------------------------+-----------------------------
 As you released the new version of WordPress, 3.9.1,
 it consists of multiple vulnerabilities, i.e. persistent XSS and CSRF.
 This is present in the comment box.
 An attacker can easily put in a simple XSS vector and is able to create the XSS
 there.
 It is a critical vulnerability as it is stored.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/28610>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

