[wp-trac] Re: [WordPress Trac] #7325: Plugin version, etc. not sanitized like description is (#3396 for WP 2.0 branch)
WordPress Trac
wp-trac at lists.automattic.com
Wed Aug 13 13:02:35 GMT 2008
#7325: Plugin version, etc. not sanitized like description is (#3396 for WP 2.0
branch)
----------------------------+-----------------------------------------------
 Reporter:  lilyfan         |        Owner:  anonymous
     Type:  defect          |       Status:  reopened
 Priority:  normal          |    Milestone:
Component:  Administration  |      Version:  2.0.11
 Severity:  normal          |   Resolution:
 Keywords:  has-patch       |
----------------------------+-----------------------------------------------
Changes (by lilyfan):
* status: closed => reopened
* resolution: wontfix =>
Comment:
The XSS is caused at the plugins list panel of the site admin screen, not
the weblog view.
A bad plugin can carry out an evil script for admin users.
I think the fix needs to be ported to 2.0.
--
Ticket URL: <http://trac.wordpress.org/ticket/7325#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
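
Added example, not part of the original message and not WordPress code: a plain-PHP sketch of the issue the ticket describes, where every plugin header field is escaped before it reaches the admin plugin table, not only the description. The plugin header is constructed, and `read_plugin_header()` and `render_plugin_row()` are hypothetical helpers.

```php
<?php
// Constructed sample: a plugin file header whose Version field carries markup.
$plugin_source = <<<'EOT'
<?php
/*
Plugin Name: Sample Plugin
Version: 1.0<script>alert(1)</script>
Description: Constructed sample for this example.
Author: Example Author
*/
EOT;

// Hypothetical helper: pull "Field: value" pairs out of the header comment.
function read_plugin_header(string $source, array $fields): array
{
    $data = [];
    foreach ($fields as $field) {
        $pattern = '/^[ \t\/*#@]*' . preg_quote($field, '/') . ':(.*)$/mi';
        $data[$field] = preg_match($pattern, $source, $m) ? trim($m[1]) : '';
    }
    return $data;
}

// Hypothetical helper: build one row of an admin plugin table.
// Every header field is escaped at output, not only the description.
function render_plugin_row(array $data): string
{
    $cells = '';
    foreach ($data as $value) {
        $cells .= '<td>' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

$fields = ['Plugin Name', 'Version', 'Description', 'Author'];
$data   = read_plugin_header($plugin_source, $fields);

// Raw interpolation, shown only for contrast: the markup would reach the
// administrator's browser unchanged.
$unescaped_cell = '<td>' . $data['Version'] . '</td>';

// Escaped row: the markup in the Version field is emitted as inert text.
$row = render_plugin_row($data);

var_dump(strpos($unescaped_cell, '<script>') !== false); // raw cell keeps the tag
var_dump(strpos($row, '<script>') === false);            // escaped row does not
echo $row, PHP_EOL;
```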