Someone named Ferruh has a proof-of-concept cross-site request forgery (CSRF) attack against WordPress (HT: DK at BlogSecurity). I’ve tried it out successfully on my own version of WordPress 2.3.3.
The scenario is like this: you go to leave a comment on someone’s site, and surreptitiously that (evil) site tricks you into changing your WordPress admin password [...]