WordPress Template.php HTML Injection Vulnerability

Filed in: Security, WordPress — January 3rd, 2007

A cross-site scripting (XSS) vulnerability has been found in wp-admin/templates.php in WordPress. WordPress 2.0.5 and previous versions are affected. The National Vulnerability Database has marked the severity as 7.0 (High).

WordPress has fixed this for v2.0.6 and a patch has been released for v2.0.5.

The possible damage

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. — SecurityFocus.com

[Thanks, JohnTP]

  • liew, how do I install this security patch?

    Thanks in advance. :)
  • LcF
    @malique: you can download the patched file at http://trac.wordpress.org/changeset/4665 and replace your existing file on the server. Please make sure you have a backup first.
  • WordPress 2.0.6 has been released which includes this fix.