Full Disclosure mailing list archives
Re: WordPress 4.2 stored XSS
From: C0r3dump3d <coredump () autistici org>
Date: Tue, 28 Apr 2015 09:48:09 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Curiously, we had the same problem when we tried to communicate the vulnerability CVE-2014-9034 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9034) to WordPress. We tried, repeatedly, to contact WP through HackerOne and email, but they did not respond. Only through the intervention of the CERT/CC, and after about six months, did they show the necessary interest.

Andres.

On 27/04/15 at 23:33, Winni Neessen wrote:
> On 27.04.2015 at 16:55, Hanno Böck <hanno () hboeck de> wrote:
>> As there is still no fix from upstream I created a quick'n'dirty fix for it:
>> https://gist.github.com/hannob/a07f7b7e196c75c4c1a8
>> https://files.hboeck.de/wordpress-4.2-emergency-fix-xss.diff
>
> Looks like the WP team published an official fix: https://wordpress.org/news/2015/04/wordpress-4-2-1/
>
> "A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen."
>
> Winni
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVPzs5AAoJEB3Mh7ZpWLvITBsQAIVjSQ5Yf2EnbkGMql8uL2h2
AzafSd1LSwaw4RuhGLd7VZ6OXVWtvHqxkJkm2cXc6X02HKBRcsMY3MsU3cQyVOzV
tE8vTxI0tOGtcwSi77OdDmT1KDJ4Xiw+G6PFiFjP+iOHnhIfUJzOWfuF9MwxNM7I
IXGv66XROXzkdyLvVsjsK5CZzO3Robjp4YOgfIXRwPYbr7N+TNbqDEO8427goA5o
63P0nAtnbD9pp/bQ6vewSiad/GBpQlMsOZAFcaC9O0RkzerZIwG2FGh+1scVTKzS
SSE0J13kq9KXkG1R9v4j4vNba78NXlaew58jd86GN7Ml0WPuVbfI9DiXYc8n6Lfx
4qYUw3XXbRqoZ5lhFupKNzLNrvmP0QIHPnF8OnORS51RVWPEsj3IEKyQDV5yqx77
FE79/zwCvQNnv68SrOmpyIUjfh5Daglbiel/jCj+s1EoxwXSozHz4Qk+zrASXkRv
n6UCX48//O3MLJ9nbhOU66oDDv5quxa2S8axbk+oBUt43sLV0xDleEHqJK/mTUXR
hZbk5suRKH4P9XGPYBU077h3rSU6/c+j7xt9UflGt84Mhw4cPu1CsYFksmlXwiTh
mqSLBNNmj8MIJ7PD8fuprcYs5TIEVflRhcbyejfFky5gM1HO+q5gkumK2NtKj7M6
mQSvSnW9CIWXyBfDAXGL
=poHS
-----END PGP SIGNATURE-----
Current thread:
- WordPress 4.2 stored XSS Jouko Pynnonen (Apr 26)
- Re: WordPress 4.2 stored XSS Scott Arciszewski (Apr 26)
- Re: WordPress 4.2 stored XSS Hanno Böck (Apr 27)
- Re: WordPress 4.2 stored XSS Winni Neessen (Apr 27)
- Re: WordPress 4.2 stored XSS C0r3dump3d (Apr 28)
- Re: WordPress 4.2 stored XSS Winni Neessen (Apr 27)
- Re: WordPress 4.2 stored XSS Anthony Ferrara (Apr 27)
- Re: WordPress 4.2 stored XSS Fyodor (Apr 27)
- Re: WordPress 4.2 stored XSS Scott Arciszewski (Apr 27)
- Re: WordPress 4.2 stored XSS Ryan Dewhurst (Apr 27)
- Re: WordPress 4.2 stored XSS Scott Arciszewski (Apr 27)