+++ This bug was initially created as a clone of Bug #284874 +++ CVE-2008-7220 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7220): Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors. WordPress 2.8.4 has 1.6.0 twice in: ./wp-includes/js/scriptaculous/prototype.js ./wp-includes/js/prototype.js
(In reply to comment #0) > WordPress 2.8.4 has 1.6.0 twice in: > ./wp-includes/js/scriptaculous/prototype.js > ./wp-includes/js/prototype.js > December 2009: The same is true for the latest Wordpress 2.8.6 (from the unmasked,unpacked 2.8.6 ebuild). It has the 1.6.0 Prototype: Prototype JavaScript framework, version 1.6.0 * (c) 2005-2007 The latest available prototype is 1.6.1.; don't know if it'll work in any version of Wordpress. There is Wordpress ticket 11041, to update its Prototype. The update is marked for inclusion at milestone Wordpress 3.0: http://core.trac.wordpress.org/ticket/11041 This means that there will probably a Wordpress version 2.9 released with the old Prototype 1.6.0.
(In reply to comment #1) > This means that there will probably a Wordpress version 2.9 released with the > old Prototype 1.6.0. Confirmed, 2.9 still has 1.6.0
wordpress 3.0.1 has prototype 1.6.1. Closing noglsa.