XSS vulnerabilities fixed in WordPress 2.0.3


[[http://www.lightbluetouchpaper.org/|Light Blue Touchpaper]] (Security Research, Computer Laboratory, University of Cambridge) is urging users to upgrade WordPress to version 2.0.3, which should fix two XSS vulnerabilities they reported. Both are exploitable in the default installation and can readily lead to arbitrary PHP code execution.

They plan to post more details about the vulnerabilities in 10 days because, they say, //“the nature of the problem can probably be deduced from the code changes, so there is limited value in waiting much longer”.//