Today marks the third year of this blog. Back when I started, WordPress version 1.5 was brand new, and I wanted to try managing a site with something other than my hand-rolled Perl applications. Since then, my involvement with WordPress has grown; I now work full-time as a web developer, and I spend most of [...]
Monthly Archives: February 2008
CSRF Attack on WordPress
February 13, 2008 – 11:47 am
Someone named Ferruh has a proof-of-concept cross-site request forgery (CSRF) attack against WordPress (HT: DK at BlogSecurity). I’ve tried it out successfully on my own version of WordPress 2.3.3. The scenario is this: you go to leave a comment on someone’s site, and that (evil) site surreptitiously tricks you into changing your WordPress admin [...]