Cross-site scripting vulnerability in WordPress
German security specialist Benjamin Flesch describes five new vulnerabilities in the popular WordPress blogging system in his blog. However, four of the vulnerabilities require WordPress admin privileges to be exploited, which considerably narrows their scope. These include SQL injection and cross-site scripting vulnerabilities. In addition, Flesch reports a database bug which does not cause security issues, and another previously known vulnerability.
- Wordpress ZeroDay Vulnerability Roundhouse Kick and why I nearly wrote the first Blog Worm (updated), blog by Benjamin Flesch
- Wordpress uploads.php Cross-Site Scripting Vulnerability, entry in Wordpress-Trac