Home page logo

oss-sec logo oss-sec mailing list archives

Re: TWSL2012-002: Multiple Vulnerabilities in WordPress
From: Henri Salo <henri () nerv fi>
Date: Thu, 26 Jan 2012 03:24:45 +0200

On Wed, Jan 25, 2012 at 05:02:58PM -0700, Kurt Seifried wrote:
On 01/25/2012 08:31 AM, Henri Salo wrote:
FYI: http://seclists.org/fulldisclosure/2012/Jan/416

- Henri

Uh correct me if I am wrong but these already have CVE's? From the link:

Finding 1: PHP Code Execution and Persistent Cross Site Scripting
Vulnerabilities via 'setup-config.php' page.
CVE: CVE-2011-4899

Finding 2: Multiple Cross Site Scripting Vulnerabilities in
'setup-config.php' page
CVE: CVE-2012-0782

Finding 3: MySQL Server Username/Password Disclosure Vulnerability via
'setup-config.php' page
CVE: CVE-2011-4898

Yes you are correct. My point was to share this information with oss-security and the information being that WordPress 
is not going to fix these issues. Not everyone from oss-security is reading full-disclosure and still want to kno 
security-related topics of open-source software and looking at the lasts posts of full-disclosure I don't wonder why :)

- Henri Salo

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]