WordPress rawurlencode Vulnerability

Intro

xy7 found an information disclosure vulnerability in WordPress <= 2.0.6.

It looks like this vulnerability is limited to information leakage. If you want to test your WP installation, see below.

Test if you are vulnerable (most likely):
http://my_wordpress/index.php?m[]=
OR
http://my_wordpress/?m[]=
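
To check the response to the test URLs above automatically, the following added example (not part of the original alert) scans a response body for PHP error text and the server path it exposes. It assumes a vulnerable installation answers with a PHP warning that names rawurlencode() and a file path, which the alert itself does not show; all function names and the sample bodies are constructed for illustration.

```python
import re
import urllib.error
import urllib.request
from html import unescape

# PHP's default error text once HTML tags are stripped:
#   "Warning:  <message> in /path/to/file.php on line N"
PHP_ERROR = re.compile(
    r"(Warning|Notice|Fatal error):\s+(.*?)\s+in\s+(\S+?\.php)\s+on line\s+(\d+)",
    re.IGNORECASE,
)

def probe_urls(base):
    """The two test URLs from the alert, built for your own site."""
    base = base.rstrip("/")
    return [base + "/index.php?m[]=", base + "/?m[]="]

def find_disclosures(body):
    """Return every PHP error in a response body with the path it leaks."""
    text = unescape(re.sub(r"<[^>]+>", "", body))
    return [
        {"level": m.group(1), "message": m.group(2),
         "path": m.group(3), "line": int(m.group(4))}
        for m in PHP_ERROR.finditer(text)
    ]

def leaks_via_rawurlencode(body):
    """True when an error in the body names rawurlencode() (assumed marker)."""
    return any("rawurlencode" in d["message"] for d in find_disclosures(body))

def check_site(base, timeout=10):
    """Fetch both probe URLs from an installation you administer."""
    results = {}
    for url in probe_urls(base):
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                body = resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:  # error pages can leak too
            body = err.read().decode("utf-8", "replace")
        results[url] = find_disclosures(body)
    return results

# Constructed sample bodies (path and line number are made up).
SAMPLE_VULNERABLE = (
    "<br />\n<b>Warning</b>:  rawurlencode() expects parameter 1 to be string, "
    "array given in <b>/home/example/public_html/wp-includes/classes.php</b> "
    "on line <b>227</b><br />\n<html><body>blog</body></html>"
)
SAMPLE_CLEAN = "<html><body><h2>Hello world!</h2></body></html>"
```

An empty list from find_disclosures() for both URLs means no PHP error text reached the client; it does not by itself confirm the installed version.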

Temporary fix:

Note: Always make backups before making any changes.
As a temporary fix we ensure that the input being passed to [...]