Re: CVE request: WordPress advanced-xml-reader XXE

[Henri Salo <henri () nerv fi>]

On Mon, May 06, 2013 at 09:06:17AM +0300, Henri Salo wrote:
> Can I get 2013 CVE for issue:
>
> Advanced XML Reader Plugin for WordPress contains an XXE (Xml eXternal Entity)
> injection flaw that is triggered during the parsing of XML data. The issue is
> due to an incorrectly configured XML parser accepting XML external entities from
> an untrusted source. By sending specially crafted XML data, a remote attacker
> can gain access to arbitrary files.
>
> http://osvdb.org/92904
>
> This issue is not yet fixed.

This did not get assigned. Do you need more information?

---
Henri Salo