Date: Wed, 2 Jul 2014 11:03:16 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: CVE request: WordPress plugin wysija-newsletters remote file upload Can I get 2014 CVE for remote file upload vulnerability in WordPress plugin wysija-newsletters, thanks. Plugin name: MailPoet Newsletters Plugin page: https://wordpress.org/plugins/wysija-newsletters/ Fixed in: 2.6.7 Discovered and reported by Sucuri Reference: http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html Also detected by wpscan-tool: https://github.com/wpscanteam/wpscan/commit/f9b10dc9db45f400918348b777f662c7140ee5fe I can provide diffs between the versions if needed. --- Henri Salo [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ