WordPress vulnerability #141

@andymeneely

https://www.theregister.com/2023/05/08/wordpress_plugin_vulnerability/

A big XSS just happened recently. This reminds me - we could/should add WordPress to our case studies. I've published papers using data from WordPress vulnerabilities before. It's a doable case study.

Some things to discuss about this vulnerability:

  • Escaping for XSS is really really hard
  • You have to remember to use the escaping properly. You can't solve it for everyone - everyone must know what it does
  • WP is particularly vulnerable because they rely on a lot of plugins and there's no sandboxing between those plugins

Some good factoids from this article, too.
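
The point in the list above about having to use escaping properly can be seen in a small added example (not from the linked article or from WordPress itself): the same HTML-escaping call that is correct for element text does nothing useful in an unquoted attribute or a URL attribute. The helper names `escHtml` and `escUrl`, the render functions and the sample inputs are all hypothetical and constructed for illustration.

```javascript
// Added illustration: output escaping is per-context, not one-size-fits-all.
// All names here are hypothetical; the sample inputs are constructed.

// Encoder for HTML element content and *quoted* attribute values.
function escHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Encoder for URL attributes: allow-list the scheme, then HTML-escape.
// The WHATWG URL parser is used so that leading whitespace and embedded
// tabs/newlines are normalised the same way a browser would treat them.
function escUrl(s) {
  const v = String(s).trim();
  let u;
  try {
    u = new URL(v, 'https://example.invalid/'); // base lets relative URLs parse
  } catch {
    return '#';
  }
  return ['http:', 'https:', 'mailto:'].includes(u.protocol) ? escHtml(v) : '#';
}

// Constructed untrusted inputs, e.g. values a plugin reads from a request.
const samples = {
  text: '<b>hi</b>',
  attr: 'x onmouseover=track()',
  url: 'javascript:void(0)',
};

// Mistake: every value is "escaped", but with the wrong encoder for its
// context. Unquoted attributes and the href scheme are left unprotected.
function renderWrong(i) {
  return `<a href=${escHtml(i.url)} title=${escHtml(i.attr)}>${escHtml(i.text)}</a>`;
}

// Fix: quote every attribute and pick the encoder that matches the context.
function renderRight(i) {
  return `<a href="${escUrl(i.url)}" title="${escHtml(i.attr)}">${escHtml(i.text)}</a>`;
}

console.log(renderWrong(samples));
console.log(renderRight(samples));
```

In `renderWrong` the escaped values come back unchanged because they contain none of the characters `escHtml` rewrites, which is why a code review that only checks "was an escape function called?" misses this class of bug.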

Labels: story (A pitch for a short story)

Status: 📋 TODO
