oss-sec mailing list archives
Re: WordPress 3.9.2 release - needs CVE's
From: Andrew Nacin <nacin () wordpress org>
Date: Thu, 14 Aug 2014 00:57:36 -0400
On Wed, Aug 13, 2014 at 1:47 AM, <cve-assign () mitre org> wrote:
> XSS: https://core.trac.wordpress.org/changeset/29398
> We think this can have a CVE ID only if it allows privilege escalation from Administrator to Super Admin in a Multisite installation. Does it? (On other installations, Administrator has the unfiltered_html capability.)
Yes.