2.2.3 Vulnerability

  • Is version 2.2.3 still hackable with the XSS Exploit?

    It appears to have a vulnerability.

    Does 2.3 fix this?

    Thank you,

Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    You’ll have to be more specific, exactly what vulnerability are you talking about?

    I don’t know of any working XSS vulnerability for 2.2.3, and I try to keep up with this sort of thing. So please be specific.

    https://vision7.org/wordpress-comments-xss-vulnerability/

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    I don’t see how that is legitimate, script tags get filtered out of comments if you’re not a trusted user. So you can post “alert” all you like, it won’t do anything. Script tags (along with most every other tag) are filtered out by kses.

    preaching to the choir ??

    Thread Starter quotes

    (@quotes)

    @otto42

    I am confused.

    Are you saying that this exploit did not happen?

    That is not true.

    Right now I am looking at dozens of sites that are running 2.2.3 and have been hacked.

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    “Been hacked” is different than “WordPress 2.2.3 has a vulnerability”. I can hack your site easily, if your permissions are wrong on the shared server and I gain access to the server through some other site.

    Just because a site is hacked doesn’t mean that they went through WordPress to do it.

    Tell me what the vulnerability actually is. Otherwise, there isn’t one.

    Also, an XSS vulnerability rarely leads to a site compromise. XSS is not generally used a lot by site hackers, they prefer SQL Injection.

    Thread Starter quotes

    (@quotes)

    They used the exact same exploit that they used to break into previous WordPress versions.

    you know thats a crap answer, and its crap because as exploits have been made public, they’ve been fixed in the next versions.

    Consequently, you cannot say that.

    Not to mention your language “exact same exploit” … absolute crap with a capital C

    you think you know something that someone else doesnt, here you go:

    [email protected]

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    They used the exact same exploit that they used to break into previous WordPress versions.

    And exactly what exploit would that be?

    Like I said, it’s put up or shut up when it comes to exploits. Say exactly what the exploit is. “The same one” isn’t actually saying anything, it just says that you really don’t have any idea what you’re talking about.

    LOOOL!

    With people like Otto42 and whooami holding the fort, I know I am not going to lose sleep over any real or imagined WP vulnerability ??

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘2.2.3 Vulnerability’ is closed to new replies.

Tags