2.0.2 Tested and Does not appear Vulnerable. -----Original Message----- From: ciri@xxxxxxxxxx [mailto:ciri@xxxxxxxxxx] Sent: Sunday, March 04, 2007 4:56 PM To: bugtraq@xxxxxxxxxxxxxxxxx Subject: Wordpress <= v2.1.0 If you're logged in into wordpress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF techniques. More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt