Hi, I paid for a security review of my wordpress blog and one of the items it came back with is a vulnerability to "extended injection" through URL parameters.
For instance, if you append a parameter to the end of a URL, like this:
Then the D parameter gets carried into other URLs on the page, like previous and next entries, comment links, and others.
Is the wordpress team aware of this? Is this a major issue I should be concerned about?