
XSS Flaw found in WordPress

Posted on Thursday, December 30th, 2010 in Internet by Nick

The folks at WordPress announced today that a critical core security bug has been found in all installs running 3.0.3 and below. The bug is an XSS flaw in the HTML sanitation library, also known as KSES. The WordPress team has labeled the new update as critical.

The Sophos Naked Security blog said that the bug is “… quite trivial for folks with malicious intent to exploit”, and explained: “The flaws exist in parts of the code which are case-sensitive when detecting which protocols are allowed in certain parts of the application. The update prohibits evading the rules with mixed case input.”

I’ve already updated Newb Wired and suggest that you do the same.
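To make the Sophos description concrete, here is an added example (a simplified model written for this page, not WordPress's KSES code) of a protocol allowlist whose scheme detection is case-sensitive, next to the corrected check. The allowlist, function names and sample values are assumptions for illustration.

```python
import re

# Assumed allowlist for this illustration (not WordPress's actual list).
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}

# Flawed detector: only recognises a scheme written in lowercase.
SCHEME_CASE_SENSITIVE = re.compile(r"^([a-z][a-z0-9+.\-]*):")
# Corrected detector: URL schemes are case-insensitive (RFC 3986, 3.1).
SCHEME_ANY_CASE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)


def filter_url(value, detector):
    """Return value if its scheme is allowed or absent, else ''."""
    match = detector.match(value)
    if match is None:
        # No scheme detected: treated as a relative URL and passed through.
        return value
    scheme = match.group(1).lower()
    return value if scheme in ALLOWED_SCHEMES else ""


def filter_url_flawed(value):
    return filter_url(value, SCHEME_CASE_SENSITIVE)


def filter_url_fixed(value):
    return filter_url(value, SCHEME_ANY_CASE)


# Constructed sample attribute values.
SAMPLES = [
    "https://example.org/page",
    "/relative/path",
    "javascript:void(0)",
    "JaVaScRiPt:void(0)",
    "HTTP://example.org/",
]


def compare(samples=SAMPLES):
    """Return values the flawed filter passes but the fixed one blocks."""
    return [s for s in samples
            if filter_url_flawed(s) and not filter_url_fixed(s)]


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:28} flawed={filter_url_flawed(s)!r:28} fixed={filter_url_fixed(s)!r}")
    print("passed only by the flawed filter:", compare())
```

The flawed filter fails open because a mixed-case scheme is never recognised as a scheme at all, so the allowlist comparison is skipped; a quick regression test for any sanitizer is to feed it each blocked scheme in mixed case and confirm it is still rejected.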
