Date: Wed, 2 Jul 2014 11:03:16 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE request: WordPress plugin wysija-newsletters remote file upload

Can I get a 2014 CVE for a remote file upload vulnerability in the WordPress
plugin wysija-newsletters? Thanks.

Plugin name: MailPoet Newsletters
Plugin page: https://wordpress.org/plugins/wysija-newsletters/
Fixed in: 2.6.7
Discovered and reported by Sucuri

Reference:
http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html

Also detected by wpscan-tool:
https://github.com/wpscanteam/wpscan/commit/f9b10dc9db45f400918348b777f662c7140ee5fe

I can provide diffs between the versions if needed.

---
Henri Salo