Full Disclosure mailing list archives

Re: XSS vulnerability on WP-Banners-Lite (wordpress plugin)

From: Henri Salo <henri () nerv fi>
Date: Mon, 25 Mar 2013 15:28:53 +0200

On Mon, Mar 25, 2013 at 08:53:28AM -0300, Fernando A. Lagos B. wrote:

I. Background
--------------
[-] Affected plugin: WP Banners Lite
[-] Plugin Description: The plugin easily allows you to manage ad
banners on your site.
[-] Plugin URL: http://wordpress.org/extend/plugins/wp-banners-lite/
[-] Tested Version: 1.29, 1.31, 1.40
[-] Reported: YES - but no answer
[-] Report Date: 03/12/13
[-] Published:
http://blog.zerial.org/seguridad/vulnerabilidad-en-plugin-para-wordpress-afecta-a-mas-de-200-sitios/


You can report next issue to the plugins<snip>wordpress.org address and they will
remove the plugin from showing up in plugin index site[1] or whatever it is
called and users can't install it using WordPress administrator-interface before
developer of the plugin has fixed the vulnerability. I will send the
plugins-guys email right now to get the process on-going. You can also directly
contact me in case you need help coordinating issues. Have a great day.

1: http://wordpress.org/extend/plugins/wp-banners-lite/

--
Henri Salo

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

XSS vulnerability on WP-Banners-Lite (wordpress plugin) Fernando A. Lagos B. (Mar 25)
- Re: XSS vulnerability on WP-Banners-Lite (wordpress plugin) Henri Salo (Mar 25)