Full Disclosure: Re: WordPress User Account Information Leak / Secunia Advisory SA23621

Re: WordPress User Account Information Leak / Secunia Advisory SA23621

From: Tavis Ormandy <taviso () cmpxchg8b com>
Date: Sat, 6 Jul 2013 09:32:28 -0700

"xxx" <ryandewhurst () gmail com> wrote:

(self promotion not intended, highlighting other issues in WordPress)

Check out WPScan for other such issues with WordPress that have existed
for a long time but never patched. WordPress are aware of these issues but
for whatever reason decided not to patch them.

http://wpscan.org/


Funny, your username broke gmane (a popular mail2nntp gateway).

http://thread.gmane.org/gmane.comp.security.full-disclosure/89782

I'll send a bug report to the maintainer.

Tavis.


-- 
-------------------------------------
taviso () cmpxchg8b com | pgp encrypted mail preferred
-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

WordPress User Account Information Leak / Secunia Advisory SA23621 Sven Kieske (Jul 04)
- Re: WordPress User Account Information Leak / Secunia Advisory SA23621 \"><script>alert(1)</script> (Jul 04)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Tavis Ormandy (Jul 06)
- Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Ivan Carlos (Jul 04)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Harry Metcalfe (Jul 05)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Harry Metcalfe (Jul 05)