Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Jul 2014 11:26:08 +0200
From: Hanno Böck <>
Subject: CVE request: Mailpoet (wordpress-plugin) remote file upload
 exploited in the wild


A remote file upload in the wordpress plugin Mailpoet is currently
widely exploited:

It is fixed in the version 2.6.7. Upstream changelog:
Fixed security issue reported by Sucuri

The changelog lists also another security issue, fixed in version 2.6.8,
however without any details:
Fixed security issue reported by our dear Dominic. Thank you sir!

I know that CVE requests without details aren't liked much here,
however at the moment I don't have the time to digg into version diffs.

Please assign CVE for the first and proceed how you think appropriate
for the second.

Hanno Böck


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ