Slashdot Mirror


Vulnerabilities Found in WordPress Blogging Tool

ZuperDee writes "According to this Netcraft article, 'Security vulnerabilities have been found in WordPress, the popular PHP-based open source blogging application. Some scripts in WordPress are not properly validated, leaving the program open to cross-site scripting (XSS) attacks in which third parties could insert content into a WordPress-driven site.'"

2 of 12 comments (clear)

  1. Uh... This is News? by angst_ridden_hipster · · Score: 3, Interesting

    If you read Bugtraq and/or Websec, you'll see a dozen of this kind of vulnerability each week.

    There's still a lot of XSS bugs in a lot of products. And new ones get added all the time.

    Just be careful out there, kids. Don't trust input. Barely trust output.

    --
    Eloi, Eloi, lema sabachtani?
    www.fogbound.net
  2. can mod_security help? by scaturan · · Score: 2, Interesting

    i'm using mod_security, but not sure if it'll prevent or slow down XSS attacks. can anyone advice me on this? or do i have to wait for WP developers for a patch.