Are you using one of these themes?
Aug 9, 2007 Blogging
If you are, your blog is vulnerable:
1. field-of-dreams-02
2. tarski
3. mandigo-14,1.22
4. connections
5. default
6. freshy
7. redoable
8. k2
9. vistered-little-1.6a
10. wp-multiflex-3
From BlogSecurity » Top 10 Vulnerable WP Themes. The link has more info about this. Thanks to Lorelle for the heads up! (Note: I love Tarski and have used Freshy in the past, too. Yikes!)
August 9th, 2007 at 8:12 pm
Dawn, is there any word on whether a WordPress-hosted blog using one of the above themes is going to be vulnerable?
August 9th, 2007 at 8:14 pm
I do believe that a WordPress-hosted blog doesn’t have the same issues. I’m not positive about that, but WordPress is usually pretty on top of things and if there is an issue, likely they’re fixing it or fixed it.
August 9th, 2007 at 9:22 pm
Woo for Ad-Clerum!
August 11th, 2007 at 9:39 am
As far as we’re aware, this was fixed in Tarski way back in May.
http://code.google.com/p/tarski/issues/detail?id=19&can=1&q=xss
Unfortunately, BlogSecurity apparently didn’t see fit to contact theme authors regarding a) what the bugs are and b) whether they’d already been fixed or not.
August 12th, 2007 at 12:56 am
Many of these may have been updated, so it’s best to check in with the author.
And I’m working on an article with Blog Security to get more specific information. The problem with this is that some of this information isn’t public knowledge, so we’re walking a fine line providing information while not making things worse.