[wp-trac] [WordPress Trac] #4689: WordPress uploads.php Cross-Site Scripting Vulnerability

WordPress Trac wp-trac at lists.automattic.com
Tue Jul 31 20:04:56 GMT 2007

#4689: WordPress uploads.php Cross-Site Scripting Vulnerability
 Reporter:  BenjaminFlesch   |       Owner:  anonymous
     Type:  enhancement      |      Status:  new      
 Priority:  highest omg bbq  |   Milestone:           
Component:  Security         |     Version:  2.2.1    
 Severity:  critical         |    Keywords:           
 In /upload.php the parameter style is prone to XSS attacks when editing
 temporary uploads (they usually have a negative ID). An attack could look
 like this:


 // IDs should be integers
 $ID = (int) $ID;
 $post_id = (int) $post_id;
 *$style = preg_replace('/[^A-Za-z]/', '', $style);

 Add the line marked with the * to upload.php after the $post_id one.
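 The following is an added illustration of the point the ticket makes; it is
 not the reporter's code and not the real contents of upload.php. It assumes
 (hypothetically) that the style request parameter is reflected into an HTML
 attribute, shows why that is an XSS sink, and applies the ticket's whitelist
 regex (keep only A-Za-z) plus output escaping as defence in depth. The
 function names and the sample inputs are constructed for this example.

```php
<?php
// Added example, not WordPress code. The request-handling shape below is an
// assumption about how a "style" parameter might be consumed; the real
// upload.php in 2.2.1 is not reproduced here.

// The ticket's proposed filter: drop every character that is not a letter,
// so nothing that can terminate an attribute or open a tag survives.
function sanitize_style(string $style): string
{
    $clean = preg_replace('/[^A-Za-z]/', '', $style);
    // preg_replace() returns null on a regex error; fall back to an empty value
    // rather than echoing the raw input.
    return $clean ?? '';
}

// Vulnerable pattern (hypothetical): the raw parameter is concatenated into
// an attribute value, so a double quote in the input ends the attribute and
// whatever follows is parsed as markup.
function render_link_unsafe(string $style): string
{
    return '<a href="upload.php?style=' . $style . '">Browse</a>';
}

// Hardened pattern: whitelist first (the ticket's fix), then HTML-escape on
// output. Escaping alone would block this injection too, but the whitelist
// also keeps unexpected values out of any later use of $style (file names,
// query strings, class names).
function render_link_safe(string $style): string
{
    $clean = sanitize_style($style);
    return '<a href="upload.php?style='
        . htmlspecialchars($clean, ENT_QUOTES, 'UTF-8')
        . '">Browse</a>';
}

// Constructed inputs: a legitimate value and one that tries to break out of
// the attribute and inject a new element.
$inputs = [
    'inline',
    'inline"><b>injected</b>',
];

foreach ($inputs as $input) {
    echo "input:     " . $input . PHP_EOL;
    echo "unsafe:    " . render_link_unsafe($input) . PHP_EOL;
    echo "sanitized: " . sanitize_style($input) . PHP_EOL;
    echo "safe:      " . render_link_safe($input) . PHP_EOL . PHP_EOL;
}
```

 Running it shows the unsafe renderer emitting the injected element as live
 markup, while the sanitized value for the second input collapses to
 "inlinebinjectedb" and the safe renderer produces an ordinary link. The
 whitelist is appropriate here because the parameter is expected to be a
 plain keyword; for parameters that legitimately carry other characters,
 context-aware output escaping is the primary control.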

Ticket URL: <http://trac.wordpress.org/ticket/4689>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
