Date: Tue, 7 Mar 2017 12:16:03 +0100
From: Emilio Pozuelo Monfort <>
To:, Craig Small <>
Subject: Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2

On 07/03/17 11:44, Craig Small wrote:
> Hello again,
>  Wordpress 4.7.3 fixes 6 security issues.  Summer of Pwnage has reported 2
> here yesterday but here is the list from the wordpress site.
> Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè
> Dale, Yorick Koster, and Simon P. Briggs.
> Control characters can trick redirect URL validation. Reported by Daniel
> Chatfield.
> Unintended files can be deleted by administrators using the plugin deletion
> functionality. Reported by xuliang.
> Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by
> Marc Montpas.
> Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
> Cross-site request forgery (CSRF) in Press This leading to excessive use of
> server resources. Reported by Sipke Mellema.
> Reference:

Please report these through to get CVEs assigned, and
follow up here with the CVE identifiers after that's done.
