Latest Exploit In WordPress

by Gobala Krishnan on January 3, 2007

in Blogging Tips

A cross-site scripting (XSS) vulnerability has been discovered in wp-admin/templates.php in WordPress, which affects all versions up to 2.0.5.

WordPress is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Versions prior to 2.0.6 are vulnerable to this issue.

source – Security Focus

According to LiewCF, the National Vulnerability Database has reported this as severity 7.0 (high).

I “strongly” encourage WordPress users to apply the Latest Patch ASAP!! Just download the necessary file and overwrite the existing one.
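To find which installs still fall in the "prior to 2.0.6" range, the following added example (not part of the original post and not WordPress code) reads the `$wp_version` string that WordPress stores in wp-includes/version.php and compares it numerically against 2.0.6. The function names and sample file contents are constructed for illustration, and treating a pre-release tag on 2.0.6 as unpatched is an assumption.

```python
import re

# First fixed release according to the advisory quoted above.
FIXED = (2, 0, 6)

# WordPress records its release in wp-includes/version.php as $wp_version = '...';
_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*(['"])([^'"]+)\1\s*;""")


def parse_wp_version(php_source):
    """Return (numeric_tuple, suffix) from version.php text, or None if absent."""
    m = _VERSION_RE.search(php_source)
    if not m:
        return None
    num = re.match(r"(\d+(?:\.\d+)*)(.*)$", m.group(2).strip())
    if not num:
        return None
    parts = [int(p) for p in num.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad "2.0" to (2, 0, 0)
    return tuple(parts), num.group(2)


def needs_patch(php_source):
    """True if the install predates 2.0.6 or its version cannot be determined."""
    parsed = parse_wp_version(php_source)
    if parsed is None:
        return True  # unknown version: flag for manual review
    numeric, suffix = parsed
    if numeric < FIXED:  # tuple compare, so 2.0.10 is newer than 2.0.6
        return True
    # Assumption: a pre-release tag on 2.0.6 itself is not the final fix.
    return numeric == FIXED and suffix != ""


def audit(samples):
    """Return the sorted names of installs that should be patched or checked."""
    return sorted(name for name, src in samples.items() if needs_patch(src))


# Constructed version.php contents, keyed by a made-up site label.
SAMPLES = {
    "blog-a": "<?php\n$wp_version = '2.0.5';\n?>",
    "blog-b": "<?php\n$wp_version = '2.0.6';\n?>",
    "blog-c": "<?php\n$wp_version = '2.0.10';\n?>",
    "blog-d": '<?php\n$wp_version = "2.0";\n?>',
    "blog-e": "<?php\n// version line missing\n?>",
}

if __name__ == "__main__":
    for site in audit(SAMPLES):
        print(site, "needs the 2.0.6 fix or a manual check")
```

An install fixed by overwriting only the patched file will still report its old version string, so a flag here is a prompt to verify that file rather than proof of exposure.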
