Home page logo

oss-sec logo oss-sec mailing list archives

CVE Requests for WordPress 3.6.1
From: Andrew Nacin <nacin () wordpress org>
Date: Wed, 11 Sep 2013 17:28:26 -0400

Three issues fixed in WordPress 3.6.1:

 * Unsafe PHP unserialization. CWE-502.

 * Open Redirect / Insufficient Input Validation. CWE-601.
http://core.trac.wordpress.org/changeset/25323 and

 * Privilege Escalation: a user with an Author role, using a specially
crafted request, was able to create a post that was marked as "written by"
another user. http://core.trac.wordpress.org/changeset/25321.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]