Opened 16 years ago
Closed 16 years ago
#4811 closed defect (bug) (fixed)
CSRF & XSS on some importers
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 2.3 | Priority: | high |
| Severity: | major | Version: | 2.3 |
| Component: | Security | Keywords: | has-patch commit |
| Focuses: | | Cc: | |
Description
On trunk, Ultimate Tag Warrior and Category to Tag Converter are vulnerable to CSRF and XSS.
Proofs of Concept
- CSRF: Convert all categories to tags without user confirmation. http://localhost/wp/wp-admin/admin.php?import=wp-cat2tag&step=4
- XSS: Someone has committed code to debug the wp-cat2tag converter:

```php
// Leftover debug output: raw request data is written straight into an HTML comment
echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
```

It allows XSS attacks: http://localhost/wp/wp-admin/admin.php?import=wp-cat2tag&--><script>alert(/XSS/)</script>
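As an added defender's illustration (not the ticket's attached patch and not WordPress core code): the two defects the report describes next to the core idioms that close them. `check_admin_referer()`, `wp_nonce_url()`, `current_user_can()`, `admin_url()` and `wp_die()` are real WordPress functions; the three `cat2tag_*` functions and `convert_all_categories_to_tags()` are hypothetical placeholders.

```php
<?php
// Added illustration, not the ticket's patch. Placeholder names are marked.

// --- Before: the state the ticket reports ---
function cat2tag_step4_before() {
    // Debug leftover: request input is echoed unescaped inside an HTML
    // comment, so a parameter value can terminate the comment and inject markup.
    echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
    // The destructive action runs on any GET to ...&step=4 with no token,
    // so a cross-site request from a logged-in admin's browser triggers it.
    convert_all_categories_to_tags(); // hypothetical helper
}

// --- After: the hardened version ---
function cat2tag_step4_after() {
    // 1. Never write request input into the page. If debugging is needed,
    //    keep it server-side: error_log() output never reaches the browser.
    if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
        error_log( 'cat2tag step 4 request: ' . print_r( $_REQUEST, true ) );
    }
    // 2. Require the capability AND a nonce bound to this action and user.
    //    The nonce is only issued by the confirmation step below.
    if ( ! current_user_can( 'manage_categories' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'import-cat2tag' ); // dies on a missing or invalid nonce
    convert_all_categories_to_tags();        // hypothetical helper
}

// The confirmation page links to step 4 with the nonce attached, so only a
// request that started from this form carries a valid token.
function cat2tag_confirm_link() {
    $url = admin_url( 'admin.php?import=wp-cat2tag&step=4' );
    return wp_nonce_url( $url, 'import-cat2tag' );
}
```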
Attachments (1)
Change History (3)
#1 @ 16 years ago
- Keywords has-patch commit added
- Milestone set to 2.3
- Priority changed from normal to high
- Severity changed from normal to major
I'm partially to blame for the UTW importer (didn't check it over before committing) and wholly to blame for the second one (bad coding).
+2 to the patch.
Avoid CSRF and XSS on some importers