Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 24 Jul 2014 12:34:23 +0300
From: Henri Salo <>
Subject: Re: CVE request: Mailpoet (wordpress-plugin) remote
 file upload exploited in the wild

On Thu, Jul 24, 2014 at 11:26:08AM +0200, Hanno Böck wrote:
> Hi,
> A remote file upload in the wordpress plugin Mailpoet is currently
> widely exploited:
> It is fixed in the version 2.6.7. Upstream changelog:
> Fixed security issue reported by Sucuri
> The changelog lists also another security issue, fixed in version 2.6.8,
> however without any details:
> Fixed security issue reported by our dear Dominic. Thank you sir!
> I know that CVE requests without details aren't liked much here,
> however at the moment I don't have the time to digg into version diffs.
> Please assign CVE for the first and proceed how you think appropriate
> for the second.
> -- 
> Hanno Böck
> mail/jabber:
> GPG: BBB51E42

Already assigned. Please see thanks. Top 379 plugin
in by the way.

Henri Salo

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ