Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: XSS vulnerability on WP-Banners-Lite (wordpress plugin)
From: Henri Salo <henri () nerv fi>
Date: Mon, 25 Mar 2013 15:28:53 +0200

On Mon, Mar 25, 2013 at 08:53:28AM -0300, Fernando A. Lagos B. wrote:
I. Background
[-] Affected plugin: WP Banners Lite
[-] Plugin Description: The plugin easily allows you to manage ad
banners on your site.
[-] Plugin URL: http://wordpress.org/extend/plugins/wp-banners-lite/
[-] Tested Version: 1.29, 1.31, 1.40
[-] Reported: YES - but no answer
[-] Report Date: 03/12/13
[-] Published:

You can report next issue to the plugins<snip>wordpress.org address and they will
remove the plugin from showing up in plugin index site[1] or whatever it is
called and users can't install it using WordPress administrator-interface before
developer of the plugin has fixed the vulnerability. I will send the
plugins-guys email right now to get the process on-going. You can also directly
contact me in case you need help coordinating issues. Have a great day.

1: http://wordpress.org/extend/plugins/wp-banners-lite/

Henri Salo

Attachment: signature.asc
Description: Digital signature

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]