Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 8 May 2015 23:52:28 +0200
From: Hannes Trunde <>
Subject: Re: CVE request: SQL injection vulnerability in WordPress plugins
 Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1

> Our only suggestion for this case is that, given that the multi-stage
> approach is already in progress, it would probably be best to
> establish a link in at least one direction, e.g., either:
>   - your full advisory should include a link to
>     so that this previous discussion can be found
>   or
>   - you should make a later oss-security post in this thread, with a
>     link to the public URL(s) for your full advisory, which might
>     be in any of the four locations that you proposed

Thanks for clarification! To complete this thread I'll include the
URLs to the advisories below:

WordPress Community Events 1.3.5 SQL Injection (CVE-2015-3313)

WordPress Tune Library 1.5.4 SQL Injection (CVE-2015-3314)

WordPress WP Symposium 15.1 SQL Injection (CVE-2015-3325)

Hannes Trunde

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ