Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 5 Feb 2015 19:53:47 +0200
From: Henri Salo <>
Subject: Re: Re: CVE request for Zero-day in the
 Fancybox-for-WordPress Plugin

On Thu, Feb 05, 2015 at 11:52:19AM -0500, wrote:
> Use CVE-2015-1494.

Please note they released 3.0.4 to mitigate the problem in case someone updates,
but does not remove malicious code. This is unusual from WordPress plugin
authors. I am very happy to see improvement.

    Renamed the setting affected by the security issue mentioned in 3.0.3. This
    should stop the malicious code from appearing on sites where the plugin is
    updated without removing the malicious code.

Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.