Package: wordpress
Version: 2.0.10-1
Severity: important
Tags: security

WordPress 2.0.10 has several security vulnerabilities which are fixed
in a new release, 2.0.11. Full details are at:

http://wordpress.org/development/2007/08/wordpress-222-and-2011/
http://trac.wordpress.org/query?status=closed&milestone=2.0.11

The vulnerabilities are:
- XSS in the admin page for the default theme:
http://www.example.com/wp-admin/themes.php?page=functions.php&foo=";><script>alert(String.fromCharCode(88,83,83))</script>

- SQL injection attack (see
http://www.waraxe.us/ftopict-1780.html#7560 and
http://trac.wordpress.org/ticket/4322)

- Two more (an XSS attack and a SQL injection attack) that probably
aren't exploitable in any useful way, at least in most cases.

