Wordpress core 3.1.3 Persistent XSS Vulnerability
2011-06-27 10:15:04Title: Wordpress core 3.1.3 self-XSS
Author: Jelmer de Hen
Software link: http://wordpress.org/download/Version: 3.1.3
Wordpress 3.1.3 has a self-XSS vulnerability in the following pages:/wp-admin/user-edit.php?user_id=<uid>/wp-admin/profile.php
By putting Javascript inside the input elements "first_name", "last_name" or "nickname" the self-XSS will trigger 3 times.
More information: http://h.ackack.net/0day-xss-in-wordpress-core.html
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.