Dale's Weblog

XSS Security Holes in WordPress

Security vulnerabilities have been found in WordPress that allows users to enter code into the site through certain urls (whose content is not checked).

Examples:
http://[victim]/wp-login.php?redirect_to=[code]
http://[victim]/wp-login.php?mode=bookmarklet&text=[code]
http://[victim]/wp-login.php?mode=bookmarklet&popupurl=[code]
http://[victim]/wp-login.php?mode=bookmarklet&popuptitle=[code]
http://[victim]/admin-header.php?redirect=1&redirect_url=%22;[code]//
http://[victim]/bookmarklet.php?popuptitle=[code]
http://[victim]/bookmarklet.php?popupurl=[code]]
http://[victim]/bookmarklet.php?content=[code]
http://[victim]/bookmarklet.php?post_title=[code]
http://[victim]/categories.php?action=edit&cat_ID=[code]
http://[victim]/edit.php?s=[code]
http://[victim]/edit-comments.php?s=[code]
http://[victim]/edit-comments.php?mode=[code]

XSS (cross-site scripting) holes are common in many php scripts and Wordpress isn’t the only effected blogging tool. LiveJournal and Blogger are also vulnerable.

Athlough this is a somewhat large security issue wordpress users shouldn’t be too worried, all scripts have bugs.

The Wordpress team are working on a 1.2.1 release to fix these issues. So look out for it.

Related links:
http://wordpress.org/support/4/13818
http://wordpress.org/support/7/13856
http://news.netcraft.com/archives/2004/09/30/security_holes_in_wordpress_blogging_tool.html
http://secunia.com/advisories/12683/