Since everything here is about forum users' ideas and suggestions, I'm pasting a little file that I got from someone a while back.

Code:
Name	:	QuickPress persistent XSS in $content and $post_title

Vendor	:	WordPress 2.9.2

Date	:	1.06.2010

Bug	: 	Persistent XSS (logged only)

Tested	:	Ubuntu 10.4. LTS

Thanks	: 	4 you.


Details:

	QuickPress from WordPress in $post_title and $content has an XSS vulnerability.
When you log in, add this line to your QuickPress:
"><script>alert(1)</script> to the title and as the content of your 'quickpost' and see what happens.
Location: localhost/wordpress/wp-admin/post.php

	The second persistent XSS is in /wp-admin/page.php (the same as above).
Try to "><script> $content and $post_title.
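
Added example (not part of the original post or the pasted file, and not WordPress source): the `">` prefix in the test string suggests the stored title is echoed inside a double-quoted attribute, so this sketch renders the same value with and without attribute encoding and parses the result to check whether a script element appears. The form markup and all function names are hypothetical stand-ins.

```php
<?php
// Added illustration; the markup is a simplified stand-in, not WordPress 2.9.2 code.

// Vulnerable pattern: the stored value is echoed into a double-quoted attribute as-is.
function render_title_field_unsafe(string $post_title): string {
    return '<input type="text" name="post_title" value="' . $post_title . '" />';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles, so the value cannot close the attribute.
function render_title_field_safe(string $post_title): string {
    $encoded = htmlspecialchars($post_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="post_title" value="' . $encoded . '" />';
}

// Regression check: parse the rendered markup and report what a parser sees.
function inspect_markup(string $html): array {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // collect parse warnings instead of emitting them
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'input_value'     => $input ? $input->getAttribute('value') : null,
    ];
}

// The test string from the advisory, as it would come back from storage.
$stored_title = '"><script>alert(1)</script>';

$renderers = [
    'unsafe' => 'render_title_field_unsafe',
    'safe'   => 'render_title_field_safe',
];

foreach ($renderers as $label => $render) {
    $result = inspect_markup($render($stored_title));
    printf(
        "%-6s script elements: %d, value attribute: %s\n",
        $label,
        $result['script_elements'],
        var_export($result['input_value'], true)
    );
}
```

In WordPress code the attribute-context helper is `esc_attr()`; the plain `htmlspecialchars()` call is used here only so the sketch runs without WordPress loaded.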