Full Disclosure mailing list archives
Re: XSS vulnerability on WP-Banners-Lite (wordpress plugin)
From: Henri Salo <henri () nerv fi>
Date: Mon, 25 Mar 2013 15:28:53 +0200
On Mon, Mar 25, 2013 at 08:53:28AM -0300, Fernando A. Lagos B. wrote:
I. Background -------------- [-] Affected plugin: WP Banners Lite [-] Plugin Description: The plugin easily allows you to manage ad banners on your site. [-] Plugin URL: http://wordpress.org/extend/plugins/wp-banners-lite/ [-] Tested Version: 1.29, 1.31, 1.40 [-] Reported: YES - but no answer [-] Report Date: 03/12/13 [-] Published: http://blog.zerial.org/seguridad/vulnerabilidad-en-plugin-para-wordpress-afecta-a-mas-de-200-sitios/
You can report next issue to the plugins<snip>wordpress.org address and they will remove the plugin from showing up in plugin index site[1] or whatever it is called and users can't install it using WordPress administrator-interface before developer of the plugin has fixed the vulnerability. I will send the plugins-guys email right now to get the process on-going. You can also directly contact me in case you need help coordinating issues. Have a great day. 1: http://wordpress.org/extend/plugins/wp-banners-lite/ -- Henri Salo
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- XSS vulnerability on WP-Banners-Lite (wordpress plugin) Fernando A. Lagos B. (Mar 25)
- Re: XSS vulnerability on WP-Banners-Lite (wordpress plugin) Henri Salo (Mar 25)