Full Disclosure mailing list archives
Re: WordPress 4.2 stored XSS
From: Winni Neessen <winni () insecure so>
Date: Mon, 27 Apr 2015 23:33:32 +0200
On 27.04.2015 at 16:55, Hanno Böck <hanno () hboeck de> wrote:
> As there is still no fix from upstream I created a quick'n'dirty fix for it:
> https://gist.github.com/hannob/a07f7b7e196c75c4c1a8
> https://files.hboeck.de/wordpress-4.2-emergency-fix-xss.diff

Looks like the WP team published an official fix: https://wordpress.org/news/2015/04/wordpress-4-2-1/

"A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen."

Winni