oss-sec mailing list archives

CVE request: WordPress 3.5.1 Maintenance and Security Release
From: Henri Salo <henri () nerv fi>
Date: Fri, 25 Jan 2013 11:13:57 +0200

From http://wordpress.org/news/2013/01/wordpress-3-5-1/

WordPress 3.5.1 also addresses the following security issues:

- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could 
potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was 
fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for 
reviewing our work.
- Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of 
the WordPress security team.
- A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with 
us on this, and for releasing Plupload 1.5.5 to address this issue.

Henri Salo
