[wp-trac] [WordPress Trac] #14556: get_pagenum_link() vulnerable to XSS attacks
WordPress Trac
wp-trac at lists.automattic.com
Fri Aug 6 21:49:33 UTC 2010
#14556: get_pagenum_link() vulnerable to XSS attacks
--------------------------+-------------------------------------------------
 Reporter:  guigouz       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.0.1
 Severity:  critical      |    Keywords:
--------------------------+-------------------------------------------------
We're using get_pagenum_link() to build a page navigation instead of
older/newer posts only. We've found this vulnerability on multiple sites;
here's an example:
http://robertbasic.com/blog/?%3E%22'%3E%3CScRiPt%3Ealert(428017202033)%3C/ScRiPt%3E
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14556>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software