id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
20593	wordpress 3.3.2 clickjacking	abysssec		"Wordpress Admin panel has x-frame-option which prevent clickjacking but in main page of blog no x-frame-option has been set, so it possible to trick him and make him to post a comment, using Clickjacking. As you may know admin can post comment with html and it is obvious by default this isn't dangerous, But as blog main page has no x-frame-option it is possible to make XSS of it and finally you can mix ClickJacking /XSS / HTTPOnly Disclosure to make a working exploit.

thanks Abysssec Team"	defect (bug)	closed	normal		Gallery		critical	invalid