#7325 closed defect (bug) (wontfix)
Plugin version, etc. not sanitized like description is (#3396 for WP 2.0 branch)
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 2.0.11 |
| Component: | Administration | Keywords: | has-patch |
| Focuses: | | Cc: | |
Description
As reported at ticket #3396, plugin version, etc. are not sanitized.
Therefore, a bad plugin can cause an XSS vulnerability.
I think the patch must be ported to the 2.0 branch.
Change History (4)
#1, 15 years ago
- Milestone 2.0.12 deleted
- Resolution set to wontfix
- Status changed from new to closed
#2 (follow-up: ↓ 3), 15 years ago
- Resolution wontfix deleted
- Status changed from closed to reopened
The XSS is caused at the plugins list panel of site admin screen, not weblog view.
A bad plugin can carry out an evil script for admin users.
I think the fix needs to be ported to 2.0.
#3 (in reply to: ↑ 2), 15 years ago
- Resolution set to wontfix
- Status changed from reopened to closed
Replying to lilyfan:
> The XSS is caused at the plugins list panel of site admin screen, not weblog view.
> A bad plugin can carry out an evil script for admin users.
Which only admins have access to.
An admin has already uploaded it. Activation is the next, *immediate* step.
I don't see the real (sufficient) security issue here. Re-closing won't fix.
#4, 15 years ago
> I don't see the real (sufficient) security issue here.
In Japan, a plugin developer distributed plugins with a malformed version description, as below:
Version:1.0<script src="http://wp.somy.jp/up_check/?f=logined-publish&v=1.0"></script>
Now, this URL is not working, and it seems not evil.
But, if wp.somy.jp is cracked or the somy.jp domain is taken over by somebody in the future, exploit code should be invoked at the URL.
This is a potential security risk. I agree that there is no danger right now.
In this case, the plugin developer must fix the problem. But he has stopped developing and no revised version will be released.
Though plugins by somy.jp are minor and not particularly used, I think that a fix for WordPress is needed for similar situations.
That fix is not really necessary seeing as how plugins can do anything they damn well please and don't need to bother with XSS in their headers. No need to port to 2.0.
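An added example, not part of the ticket and not WordPress's own patch: one way to treat plugin header fields as untrusted text before printing them in an admin plugin list, using only plain PHP functions. The helper names and the sample plugin file are constructed for illustration; only the Version line is taken from comment #4.

```php
<?php
// Constructed plugin file; only the Version line is copied from comment #4.
$plugin_source = <<<'PLUGIN_FILE'
<?php
/*
Plugin Name: Example Plugin
Version:1.0<script src="http://wp.somy.jp/up_check/?f=logined-publish&v=1.0"></script>
Author: Example Author
*/
PLUGIN_FILE;

// Hypothetical helper: read "Field: value" lines from the top of a plugin file.
function read_plugin_headers(string $source, array $fields): array
{
    $head = substr($source, 0, 8192); // headers live at the top of the file
    $found = [];
    foreach ($fields as $field) {
        $pattern = '/^[ \t\/*#@]*' . preg_quote($field, '/') . ':(.*)$/mi';
        $found[$field] = preg_match($pattern, $head, $m) ? trim($m[1]) : '';
    }
    return $found;
}

// Hypothetical helper: header values are untrusted text, never markup.
function header_for_display(string $value, int $max_len = 100): string
{
    $text = strip_tags($value);                              // drop any elements
    $text = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $text);  // drop control bytes
    $text = substr(trim($text), 0, $max_len);                // bound the length
    // Escape what remains; ENT_SUBSTITUTE covers a multibyte character cut by substr.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical check: flag headers that carried markup so an admin can review them.
function header_has_markup(string $value): bool
{
    return strip_tags($value) !== $value;
}

$headers = read_plugin_headers($plugin_source, ['Plugin Name', 'Version', 'Author']);
foreach ($headers as $field => $raw) {
    // Before: echo "<td>$raw</td>"; would place the <script> element in the admin page.
    $note = header_has_markup($raw) ? ' <em>(markup removed from header)</em>' : '';
    printf("<tr><th>%s</th><td>%s%s</td></tr>\n",
        htmlspecialchars($field), header_for_display($raw), $note);
}
```

Run against the sample file, the Version row prints `1.0` with the review note and no `<script>` element reaches the page.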