[wp-trac] Re: [WordPress Trac] #7325: Plugin version, etc. not sanitized like description is (#3396 for WP 2.0 branch)
WordPress Trac
wp-trac at lists.automattic.com
Tue Aug 19 20:25:31 GMT 2008
#7325: Plugin version, etc. not sanitized like description is (#3396 for WP 2.0 branch)
----------------------------+-----------------------------------------------
Reporter: lilyfan | Owner: anonymous
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Administration | Version: 2.0.11
Severity: normal | Resolution: wontfix
Keywords: has-patch |
----------------------------+-----------------------------------------------
Comment (by lilyfan):
> I don't see the real (sufficient) security issue here.
In Japan, a plugin developer distributed plugins with a malformed version description, as below:
{{{
Version:1.0<script src="http://wp.somy.jp/up_check/?f=logined-publish&v=1.0"></script>
}}}
Now this URL is not working, and it seems not evil.
But if wp.somy.jp is cracked or the somy.jp domain is taken over by somebody
in the future, exploit code should be invoked at the URL.
This is a potential security risk. I agree that there is no danger right now.
In this case, the plugin developer must fix the problem. But he has
stopped developing and no revised version will be released.
Though plugins by somy.jp are minor and not particularly used, I think that
a fix for WordPress is needed for similar situations.
--
Ticket URL: <http://trac.wordpress.org/ticket/7325#comment:4>
WordPress Trac <http://trac.wordpress.org/>
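The issue in the ticket is that a field such as Version is read from the plugin header comment and written into the Plugins admin page unescaped, so a header like the one quoted above injects a script tag. The following is an added example, not code from the ticket or from WordPress core: it parses a constructed header block (with a placeholder URL in place of the real one), then strips tags and escapes every field before rendering, rather than only the Description field.

```php
<?php
// Added example (not WordPress code): parse a plugin header comment block and
// escape every field before it is rendered in the Plugins admin screen.

// Constructed sample plugin file, mirroring the malformed Version line quoted
// in the ticket. The host is a placeholder, not the URL from the report.
$plugin_source = <<<'SRC'
<?php
/*
Plugin Name: Example Plugin
Version:1.0<script src="http://example.invalid/up_check/?f=logined-publish&v=1.0"></script>
Description: A <b>harmless</b> description.
Author: someone
*/
SRC;

// Read the header fields the same way the admin screen does: one "Field: value"
// line each, anywhere inside the leading comment block.
function parse_plugin_header(string $source): array {
    $fields = ['Plugin Name', 'Version', 'Description', 'Author'];
    $data = [];
    foreach ($fields as $field) {
        $pattern = '/^[ \t\/*#]*' . preg_quote($field, '/') . ':(.*)$/mi';
        $data[$field] = preg_match($pattern, $source, $m) ? trim($m[1]) : '';
    }
    return $data;
}

// Sanitize every field, not just Description: drop all tags, then escape what
// remains for HTML output. (Core's kses allows a small tag whitelist on the
// description; this example simplifies that to stripping all tags.)
function sanitize_plugin_header(array $data): array {
    $clean = [];
    foreach ($data as $field => $value) {
        $clean[$field] = htmlspecialchars(strip_tags($value), ENT_QUOTES, 'UTF-8');
    }
    return $clean;
}

$raw   = parse_plugin_header($plugin_source);
$clean = sanitize_plugin_header($raw);

// Unsafe rendering: the raw Version lands in the page and the script tag executes.
echo "Unsafe: <td>{$raw['Version']}</td>\n";
// Hardened rendering: the tag is removed and the remaining text is escaped.
echo "Safe:   <td>{$clean['Version']}</td>\n";
```

Run with the PHP CLI; the unsafe line carries the script tag through, while the safe line prints only `1.0`.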