As I’m getting more and more divergent from the original Wordpress codebase, I am finding more and more things wrong with it. So expect more of these as I dissect the code. Frankly, I’m pretty appalled at how a lot of it is written - you’d think after all these years the shock of how people code would wear off on me, but it never does. Anyway, in the latest round of me cleaning up the code, I found a few more vulnerabilities. I have no idea what versions this affects, so your mileage may vary. Here are the two XSS exploits against logged-in administrators (this version of the exploit works only against Firefox, but you could easily modify it for IE too):
If an attacker could get the administrators to click on this link, it could allow the attacker to steal cookies, read nonces for writing posts, moderating comments, writing their own PHP files, or worse. This isn’t really news, except that I want to make it clear for those of you who use Wordpress because you see me using it that I’m no longer using the same code base, any of the included JS/WYSIWYG stuff, or any of the modules. With all the vulnerabilities over the last few months and the constant upgrading, I just don’t trust it as a reliable platform anymore. So welcome to ha.CkersPress.