Security vulnerabilities have been found in WordPress that allows users to enter code into the site through certain urls (whose content is not checked).

Examples:
http://[victim]/wp-login.php?redirect_to=[code]
http://[victim]/wp-login.php?mode=bookmarklet&text=[code]
http://[victim]/wp-login.php?mode=bookmarklet&popupurl=[code]
http://[victim]/wp-login.php?mode=bookmarklet&popuptitle=[code]
http://[victim]/admin-header.php?redirect=1&redirect_url=%22;[code]//
http://[victim]/bookmarklet.php?popuptitle=[code]
http://[victim]/bookmarklet.php?popupurl=[code]]
http://[victim]/bookmarklet.php?content=[code]
http://[victim]/bookmarklet.php?post_title=[code]
http://[victim]/categories.php?action=edit&cat_ID=[code]
http://[victim]/edit.php?s=[code]
http://[victim]/edit-comments.php?s=[code]
http://[victim]/edit-comments.php?mode=[code]

XSS (cross-site scripting) holes are common in many php scripts and Wordpress isn't the only effected blogging tool. LiveJournal and Blogger are also vulnerable.

Athlough this is a somewhat large security issue wordpress users shouldn't be too worried, all scripts have bugs.

The Wordpress team are working on a 1.2.1 release to fix these issues. So look out for it.

Related links:
http://wordpress.org/support/4/13818
http://wordpress.org/support/7/13856
http://news.netcraft.com/archives/2004/09/30/security_holes_in_wordpress_blogging_tool.html
http://secunia.com/advisories/12683/

Not that I think anyone would be interested. I may find it useful to have my HSC timetable here for some reason. http://blog.dalegroup.net/documents/personal-hsc-timetable-2004.pdf

I'm one for gloating, so I thought I'd try and raise ye old ego a bit more (as you do ;)). Anyway as you may (or probably may not) know I hacked apart wordpress to leach some of its sending trackback function and found a very small bug. The bug being if you ran wordpress on a non standard port (i.e anything other than 80) then people would be unable to send a trackback to that site. Wordpress ignored the fact that someone may have enter a port number into the trackback url. Only a small bug.
So I emailed the good matt ( http://www.photomatt.net ) about the problem and included a fix for it. Less than 24 hours later wordpress is patched and the latest nightly build includes this small fix.

It's just cool that anyone can help add/fix things to open source software. So praise open source (and wordpress for being so).

w00t

/end ego boosting post ;)

no I'll never like wordpress, shutup! :S

I've done a complete update of the backend of my website today. Every piece of text you now see on this website is coming
to you live from my database! ;) It's very cool. Something I've been wanting to do for a while. Currently I haven't rewritten an admin panel
although it is in the works as we speak. Very cool. Also got some maths done today. hehe nice.