I recently discovered an XSS vulnerability in a blog that uses Wootheme Canvas with Yoast breadcrumbs.
in wp-content/themes/canvas/includes/theme-plugins.php, line 219, the search widget does not escape html entities, resulting in potential code injection. e.g. search for:
>"></strong><script>alert('injection');</script>
In order to fix this, the line should read as:
$output .= bold_or_not($opt['searchprefix'].' "'.htmlentities(html_entity_decode(get_search_query())).'"');
Friday, July 9, 2010
Subscribe to:
Posts (Atom)