Vulnerabilities Found in WordPress Blogging Tool
ZuperDee writes "According to this Netcraft article, 'Security vulnerabilities have been found in WordPress, the popular PHP-based open source blogging application. Some scripts in WordPress are not properly validated, leaving the program open to cross-site scripting (XSS) attacks in which third parties could insert content into a WordPress-driven site.'"
If you read Bugtraq and/or Websec, you'll see a dozen of this kind of vulnerability each week.
There are still a lot of XSS bugs in a lot of products. And new ones get added all the time.
Just be careful out there, kids. Don't trust input. Barely trust output.
Eloi, Eloi, lema sabachtani?
www.fogbound.net
I'm using mod_security, but not sure if it'll prevent or slow down XSS attacks. Can anyone advise me on this? Or do I have to wait for WP developers for a patch?