A vulnerability in WordPress has been discovered which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the “year” parameter when used in wp_title() is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

The vulnerability is confirmed in version 2.1.2. Other versions may also be affected.

Solution

The vulnerability is fixed in the SVN repository (revision 5003).

Wordpress is dangerous, Upgrade now! seems to be a headline that is traveling the blogosphere in reference to the Wordpress 2.1.1 release. According to numerous websites, there are a number of vulnerabilities that are included within the 2.1.1 release and Wordpress.org is notifying their users of a dangerous release and asking everyone to download the new 2.1.2.

What I find interesting is how Wordpress.org is informing everyone that someone, aka a cracker gained access to their file-system and modified the original source of the WP2.1.1 download. Not all users were affected? According to the Wordpress XSS/CSRF advisory that was posted on February 27, 2007 the vulnerabilities existed within the post-parameter of wordpress.