mailing list archives
Re: XSS vulnerability on WP-Banners-Lite (wordpress plugin)
From: Henri Salo <henri () nerv fi>
Date: Mon, 25 Mar 2013 15:28:53 +0200
On Mon, Mar 25, 2013 at 08:53:28AM -0300, Fernando A. Lagos B. wrote:
[-] Affected plugin: WP Banners Lite
[-] Plugin Description: The plugin easily allows you to manage ad
banners on your site.
[-] Plugin URL: http://wordpress.org/extend/plugins/wp-banners-lite/
[-] Tested Version: 1.29, 1.31, 1.40
[-] Reported: YES - but no answer
[-] Report Date: 03/12/13
You can report next issue to the plugins<snip>wordpress.org address and they will
remove the plugin from showing up in plugin index site or whatever it is
called and users can't install it using WordPress administrator-interface before
developer of the plugin has fixed the vulnerability. I will send the
plugins-guys email right now to get the process on-going. You can also directly
contact me in case you need help coordinating issues. Have a great day.
Description: Digital signature
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/