Date: Mon, 18 May 2015 18:50:59 -0400 (EDT)
From: cve-assign@...re.org
To: adrimf85@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: SQLi in FeedWordPress - WordPress plugin

> I discovered a SQLi in a WordPress plugin:
> 
> * SQL injection vulnerability in FeedWordPress
> * vulnerable version: 2015.0426
> * patched version: 2015.0514
> * changelog: https://wordpress.org/plugins/feedwordpress/changelog/
> 
> Download Version 2015.0514
> 
> fixes a security vulnerability that was reported to me privately
> (thanks to Adrian M. F.) which, under other low-probability
> conditions, could allow for SQL insertion attacks by a malicious user
> with access to login credentials, which would compromise data
> security.

Use CVE-2015-4018.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
