Date: Wed, 17 Jun 2015 14:04:28 +0200
From: Sebastian Wolfgang Kraemer | HSASec <Sebastian.Kraemer@...Augsburg.de>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
CC: cve-assign@...re.org
Subject: CVE request for XSS and CSRF vulnerability in WordPress plugin WP-Stats

Greetings,

we discovered a vulnerability in the following component and want to
request a CVE for it:

Product-Type:     WordPress Plugin

Product:          WP-Stats (https://de.wordpress.org/plugins/wp-stats/)

Version:          2.51

Vendor:           lesterchan@...il.com

Fixed:            reported: 2015-06-16
                  fixed in version 2.52, 2015-06-17

Changelog:        https://wordpress.org/plugins/wp-stats/changelog/

PoC available:    yes

Description:
Persistent XSS in the WordPress admin panel, enabled by a CSRF
vulnerability in the plugin's admin menu.

Researchers:
* Michael Kapfer (Michael.Kapfer@...augsburg.de)
* Sebastian Kraemer (Sebastian.Kraemer@...sec.de)


Best regards,
 the HSASec-Team
 (https://www.hsasec.de)
 


[ CONTENT OF TYPE application/pkcs7-signature SKIPPED ]
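The bug class the report above describes (a plugin admin-menu form that accepts a cross-site POST and then echoes the stored value back unescaped) is illustrated below with a constructed WordPress settings page. This is an added example, not WP-Stats code and not the reporters' PoC; the option name, page slug and all example_* function names are made up. The first half shows the vulnerable pattern, the second the hardened form using WordPress's own nonce, capability, sanitization and escaping APIs.

```php
<?php
/*
 * Constructed example of the CSRF -> persistent XSS pattern in a WordPress
 * plugin settings page. NOT the WP-Stats code: option name, slug and all
 * example_* identifiers are hypothetical.
 */

// --- Vulnerable pattern ----------------------------------------------------
function example_vuln_save() {
    // No capability check and no nonce: a POST auto-submitted by a page the
    // administrator merely visits is accepted exactly like the real form.
    if ( isset( $_POST['example_title'] ) ) {
        update_option( 'example_title', $_POST['example_title'] ); // raw input stored
    }
}

function example_vuln_page() {
    example_vuln_save();
    $title = get_option( 'example_title', '' );
    // Unescaped output: a stored value such as "><script>...</script> now runs
    // in the browser of every administrator who opens this admin page.
    echo '<form method="post">';
    echo '<input name="example_title" value="' . $title . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}

// --- Hardened pattern ------------------------------------------------------
function example_safe_save() {
    if ( ! isset( $_POST['example_title'] ) ) {
        return;
    }
    // 1. Only users allowed to change options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    // 2. CSRF: the request must carry a nonce issued to this user for this
    //    action. A cross-site form cannot read or forge it, and
    //    check_admin_referer() stops the request if it is missing or invalid.
    check_admin_referer( 'example_save_settings' );
    // 3. Sanitize on input: strip tags, line breaks and control characters.
    $title = sanitize_text_field( wp_unslash( $_POST['example_title'] ) );
    update_option( 'example_title', $title );
}

function example_safe_page() {
    example_safe_save();
    $title = get_option( 'example_title', '' );
    echo '<form method="post">';
    // 4. Escape on output for the attribute context regardless of what was
    //    stored, so even a value saved before the fix cannot break out.
    echo '<input name="example_title" value="' . esc_attr( $title ) . '">';
    wp_nonce_field( 'example_save_settings' ); // emits the hidden _wpnonce field
    echo '<input type="submit" value="Save">';
    echo '</form>';
}

// Register the hardened page under Settings via the admin_menu hook.
add_action( 'admin_menu', function () {
    add_options_page( 'Example Settings', 'Example', 'manage_options',
        'example-settings', 'example_safe_page' );
} );
```

The two defenses are independent and both are needed: the nonce stops the cross-site write, while escaping on output neutralizes anything that reaches the option table by another path (an older version, a direct database edit, another plugin). Fixing only the CSRF side leaves a stored payload live; fixing only the escaping still lets an attacker silently change settings.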
