On 7/29/06, Viper007Bond <[EMAIL PROTECTED]> wrote:
> As for that supposed security issue, it's kinda a "dur". I mean, of course there are going to be problems if you allow users to register and have it set to auto-promote them to an admin or something like that. That's not an exploit, that's just stupidity.

Uhm, the security issue is that WordPress didn't properly validate plugin page caps for unprivileged users, meaning someone with absolutely no caps could access plugin pages that may let them take over the blog, depending on the plugin. No matter how small the corner case, don't publicly discount the validity; people need to upgrade, and when they don't because someone told them the vulnerability which their blog was taken down through was a joke, we'll never hear the end of it.

--
--Robert Deaton
_______________________________________________
wp-testers mailing list
[email protected]
http://lists.automattic.com/mailman/listinfo/wp-testers
