CVE Requests for WordPress 3.6.1
From: Andrew Nacin <nacin () wordpress org>
Date: Wed, 11 Sep 2013 17:28:26 -0400

Three issues fixed in WordPress 3.6.1:

* Unsafe PHP unserialization. CWE-502.
* Open Redirect / Insufficient Input Validation. CWE-601.
* Privilege Escalation: a user with an Author role, using a specially
  crafted request, was able to create a post that was marked as "written by"
  another user. http://core.trac.wordpress.org/changeset/25321.