Need help? Check out our Support site, then

URL parameters vulnerable to script injection?

  1. Hi, I paid for a security review of my wordpress blog and one of the items it came back with is a vulnerability to "extended injection" through URL parameters.

    For instance, if you append a parameter to the end of a URL, like this:

    Then the D parameter gets carried into other URLs on the page, like previous and next entries, comment links, and others.

    Is the wordpress team aware of this? Is this a major issue I should be concerned about?



  2. You did not specify a blog address or reason for posting when you created this topic.

    This support forum is for blogs hosted at If your question is about a self-hosted WordPress blog then you'll find help at the forums.

    If you don't understand the difference between and, you may find this information helpful.

    If you forgot to include a link to your blog, you can reply and include it below. It'll help people to answer your question.

    This is an automated message.

Topic Closed

This topic has been closed to new replies.

About this Topic