URL parameters vulnerable to script injection?



    Hi, I paid for a security review of my WordPress blog and one of the items it came back with is a vulnerability to “extended injection” through URL parameters.

    For instance, if you append a parameter to the end of a URL, like this:

    Then the D parameter gets carried into other URLs on the page, like previous and next entries, comment links, and others.

    Is the WordPress team aware of this? Is this a major issue I should be concerned about?
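For a site owner who wants to confirm a finding like the one in this question on their own pages, here is an added example (not part of the original thread and not WordPress code). It lists the links that carry an appended parameter and reports whether a harmless canary value reaches the HTML without encoding; the sample pages, the canary and the function names are constructed for illustration, and `D` is the parameter named in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl


class LinkCollector(HTMLParser):
    """Collect URL-bearing attribute values (href, src, action) from a page."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(value)


def propagated_links(page_html, param):
    """Return (url, decoded value) for every link whose query string has `param`."""
    collector = LinkCollector()
    collector.feed(page_html)
    hits = []
    for url in collector.urls:
        query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
        if param in query:
            hits.append((url, query[param]))
    return hits


def audit(page_html, param, canary):
    """Summarise propagation of `param` and whether `canary` appears unencoded.

    Propagation alone means the page copies request parameters into its links.
    The raw canary in the source means it was copied without URL or HTML encoding.
    """
    links = propagated_links(page_html, param)
    return {
        "propagated": [url for url, _ in links],
        "unencoded": canary in page_html,
    }


# Constructed sample responses for a request made with ?D=zz">zz
CANARY = 'zz">zz'
ENCODED_PAGE = '<a href="/next-post/?D=zz%22%3Ezz">Next</a><a href="/about/">About</a>'
RAW_PAGE = '<a href="/next-post/?D=zz">zz">Next</a>'

if __name__ == "__main__":
    print(audit(ENCODED_PAGE, "D", CANARY))
    print(audit(RAW_PAGE, "D", CANARY))
```

A result with links listed under `propagated` but `unencoded` false means the parameter is carried along with its value encoded; `unencoded` true means the value is written into the markup as-is.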





    You did not specify a blog address or reason for posting when you created this topic.

    This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you’ll find help at the WordPress.org forums.

    If you don’t understand the difference between WordPress.com and WordPress.org, you may find this information helpful.

    If you forgot to include a link to your blog, you can reply and include it below. It’ll help people to answer your question.

    This is an automated message.
