[wp-trac] Re: [WordPress Trac] #7325: Plugin version,
etc. not sanitized like description is (#3396 for WP 2.0 branch)
WordPress Trac
wp-trac at lists.automattic.com
Wed Aug 13 15:45:08 GMT 2008
#7325: Plugin version, etc. not sanitized like description is (#3396 for WP 2.0
branch)
----------------------------+-----------------------------------------------
 Reporter:  lilyfan         |        Owner:  anonymous
     Type:  defect          |       Status:  closed
 Priority:  normal          |    Milestone:
Component:  Administration  |      Version:  2.0.11
 Severity:  normal          |   Resolution:  wontfix
 Keywords:  has-patch       |
----------------------------+-----------------------------------------------
Changes (by lloydbudd):
* status: reopened => closed
* resolution: => wontfix
Comment:
Replying to [comment:2 lilyfan]:
> The XSS is caused at the plugins list panel of site admin screen, not weblog view.
> A bad plugin can carry out an evil script for admin users.
Which only admins have access to.
An admin has already uploaded it. Activation is the next, *immediate*
step.
I don't see the real (sufficient) security issue here. Re-closing won't
fix.
--
Ticket URL: <http://trac.wordpress.org/ticket/7325#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software