WordPress Template.php HTML Injection Vulnerability

Filed in: Security, WordPress — January 3rd, 2007

A cross-site scripting (XSS) vulnerability has been found in wp-admin/templates.php in WordPress. WordPress 2.0.5 and previous versions are affected. The National Vulnerability Database has marked the severity as 7.0 (High).

WordPress has fixed this in v2.0.6, and a patch has been released for v2.0.5.

The possible damage

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. — SecurityFocus.com

[Thanks, JohnTP]
