[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Question about disclosure of WordPress plugin vulnerabilities

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Question about disclosure of WordPress plugin vulnerabilities
From: Miroslav Stampar <miroslav.stampar@xxxxxxxxx>
Date: Fri, 26 Aug 2011 14:08:26 +0200

Hi.

Does anybody know what's the general opinion on disclosure of
WordPress plugin vulnerabilities in these two sections:
1) unfiltered string parameter values - while magic_quotes are
automatically turned on on WordPress >= 3.0 [1] installations
2) admin ones (requires access to the restricted admin area)

Kind regards.

References:
[1] http://kovshenin.com/archives/wordpress-and-magic-quotes/

-- 
Miroslav Stampar
http://about.me/stamparm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Question about disclosure of WordPress plugin vulnerabilities
  - From: Andrew Farmer

Prev by Date: Re: [Full-disclosure] Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
Next by Date: Re: [Full-disclosure] Apache Killer
Previous by thread: Re: [Full-disclosure] Paper - Dissecting Java Server Faces for Penetration Testing
Next by thread: Re: [Full-disclosure] Question about disclosure of WordPress plugin vulnerabilities
Index(es):
- Date
- Thread