Tag Archives: kses

Kses, GPL, Copyright, Licensing and Disclaimer

The current wordpress security release made me look into kses.php today. But my review ended before going over the first 10 lines already. Guess what I ran over? Jup, another wordpress GPL license violation. How did I find it? It … Continue reading

Posted in Hacking The Core, Pressed, Reports, Wordpress Licensing | Tagged , , , , , , , , , , | 3 Comments

Too Yellow to Name a Ticket – WordPress Security Bites Itself Again in 3.0.4 (Updated 2x)

WordPress 3.0.4 is out. What?! [UPDATE: The advisory is now online: Persistent XSS vulnerability – wordpress 3.0.3 (kses.php) ] Keep cool. There is an release (all 3.0.2 to 3.0.4 changes), but actually Matt Mullenweg is asking for a security review … Continue reading

Posted in Pressed | Tagged , , , , , , , , | 5 Comments