Date: Fri, 25 Jan 2013 11:13:57 +0200 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: CVE request: WordPress 3.5.1 Maintenance and Security Release >From http://wordpress.org/news/2013/01/wordpress-3-5-1/ WordPress 3.5.1 also addresses the following security issues: - A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work. - Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team. - A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue. -- Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ