Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE-request: WordPress 3.1.1
From: Henri Salo <henri () nerv fi>
Date: Thu, 19 Apr 2012 10:43:23 +0300

On Tue, Apr 17, 2012 at 11:10:27PM -0600, Kurt Seifried wrote:
Can you make a clean list of security issues and the versions
affected? Thanks.

Two issues in 3.1.1 are without 2011 CVE-identifiers, which are announced in here: 
http://wordpress.org/news/2011/04/wordpress-3-1-1/ (April 5, 2011).

Issue #1:

http://osvdb.org/show/osvdb/72141
http://secunia.com/advisories/44038/

"Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to 
execute arbitrary HTML and script code in a user's browser session in context of an affected site."

Issue #2:

http://osvdb.org/show/osvdb/72142
http://secunia.com/advisories/44038/

"The "make_clickable()" function in wp-includes/formatting.php does not properly check the URL length in comments 
before passing it to the PCRE library, which can be exploited to cause a crash."

Both vulnerabilities are reported in versions prior to 3.1.1.

- Henri Salo


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]