wp-testers  

Re: [wp-testers] c99shell.php and uploading php files

Jeremy Visser
Fri, 03 Nov 2006 03:51:47 -0800

On Thu, 2006-11-02 at 20:03 -0500, Rick Beckman wrote:
> Nope; I never wanted to complicate things beyond the WordPress image
> uploader. Plugins in use included:
> [...] WP Slimstat [...]

I use WP-SlimStat and love it, although I know that it is _full_ of
bugs. I know that the plugin author is busy, so it hasn't been updated
in ages. I wouldn't be surprised if that were the attack vector. I know
for a fact that it is vulnerable to HTML injection via the Referer
checking.

-- 
Jeremy Visser 
Email: [EMAIL PROTECTED] GPG id: CF13C41A
Website: http://narnia.bounceme.net/jeremy/
