[wp-trac] [WordPress Trac] #4973: Wordpress exploit and issue
WordPress Trac
wp-trac at lists.automattic.com
Fri Sep 14 11:45:12 GMT 2007
#4973: Wordpress exploit and issue
-----------------------+----------------------------------------------------
Reporter: gobinathm | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone:
Component: Security | Version:
Severity: normal | Keywords:
-----------------------+----------------------------------------------------
I am not sure whether this has been taken care of. Please look at the
following information. It's from the Web Security Mailing List.
http://milw0rm.com/exploits/4397
---------- Forwarded message ----------
From: Daniel Cuthbert <daniel.cuthbert at owasp.org>
Date: Sep 13, 2007 3:05 PM
Subject: [WEB SECURITY] When the community takes action
To: websecurity at webappsec.org
Sigh, another Wordpress exploit and issue, no shock there!
http://milw0rm.com/exploits/4397
Wordpress has a massive user-base, and it seems that the developers
have little, or no, concept of any SDLC or basic secure development
as every new release is met by a serious remote vulnerability that
allows attackers to compromise the host blog in some form or manner.
In an ideal world, we'd see the lead developers saying they need help
and asking the community for that help, but what happens when they
don't?
I'm not saying become vigilantes or something, but something should
be done to help projects like Wordpress act in a more socially
responsible way.
Thoughts?
--
Ticket URL: <http://trac.wordpress.org/ticket/4973>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software