Security Alert: templates.php XSS vulnerability in WordPress

Thanks to Thilak of TechBuzz, I've just learned that wp-admin/templates.php (part of the WordPress administration interface) appears to be vulnerable to a rather nasty persistent XSS attack.

All versions of WordPress prior to the forthcoming 2.0.6 are vulnerable, so it is highly recommended that you back up your current templates.php and replace it with the patched templates.php. Note that the patched file is the WordPress 2.0.5 version of templates.php: if you run an older release, compare it against your own copy before installing it rather than dropping it in blindly, and treat the swap as a stopgap until you upgrade to 2.0.6.
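The backup-and-replace step above, as an added example that is not part of the original post and not a WordPress-supplied script. It refuses to install the patched file unless the installed version (read from wp-includes/version.php, assumed here to contain a line of the form `$wp_version = '2.0.5';`) matches the version the patch was made for, and it keeps a timestamped copy of the original. The install root and the location of the patched file are passed in as arguments and are assumptions of this example.

```shell
#!/bin/sh
# Added example (not WordPress code): guarded replacement of
# wp-admin/templates.php with a patched copy.
#
# Assumptions:
#   - $1 is the WordPress install root, containing wp-admin/ and wp-includes/
#   - $2 is the path to the patched templates.php
#   - wp-includes/version.php holds a line like:  $wp_version = '2.0.5';
#   - $3 (optional) is the version the patch targets; defaults to 2.0.5

# Print the installed WordPress version, or nothing if it cannot be found.
wp_version() {
  sed -n "s/^[$]wp_version *= *'\([^']*\)'.*/\1/p" "$1/wp-includes/version.php"
}

# Back up the live templates.php and install the patched one.
# Prints the backup path on success.
# Return codes: 1 = version mismatch, 2 = missing file, 3 = copy failed.
install_patched_templates() {
  wp_root=$1
  patched=$2
  expected=${3:-2.0.5}
  target="$wp_root/wp-admin/templates.php"

  [ -f "$target" ]  || { echo "no templates.php under $wp_root" >&2; return 2; }
  [ -f "$patched" ] || { echo "patched file $patched not found" >&2; return 2; }

  # The patched file is the 2.0.5 version: do not drop it onto another release.
  installed=$(wp_version "$wp_root")
  if [ "$installed" != "$expected" ]; then
    echo "refusing: installed WordPress is '$installed', patch targets $expected" >&2
    return 1
  fi

  # Keep the original (with its permissions) before overwriting it.
  backup="$target.$(date +%Y%m%d%H%M%S).bak"
  cp -p "$target" "$backup" || return 3
  cp "$patched" "$target"   || return 3
  echo "$backup"
}

# Usage: install_patched_templates /var/www/wordpress /tmp/templates.php
```

On a version mismatch nothing is written, so you can diff the patched file against your own copy by hand and port the change instead.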

For more details, please read the WordPress Persistent XSS post by David Kierznowski who is credited with discovering this vulnerability. David has also posted a proof of concept for this exploit: WordPress template.php exploit.

For a structured description of this problem and its fix, please consult the relevant SecurityFocus entry.
