Wordpress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

An exploit is not required.

The following proof of concept examples are available:

Cross-site Scripting:
/wp-login.php?action=login&redirect_to=[XSS]
/wp-admin/templates.php?file=[XSS]
/wp-admin/post.php?content=[XSS]

SQL Injection:
/index.php?m=bla
/wp-admin/edit.php?m=bla


 

Privacy Statement
Copyright 2010, SecurityFocus