oss-sec mailing list archives
CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability
From: Henri Salo <henri () nerv fi>
Date: Tue, 15 May 2012 22:41:25 +0300
Hello,

WordPress plugin wp-facethumb version 0.1 is affected by a reflected XSS vulnerability. This issue is fixed in version 0.2. Could I get a 2012 CVE identifier for this issue? Thanks.

Changelog: http://plugins.svn.wordpress.org/wp-facethumb/trunk/readme.txt
Original advisory: http://cxsecurity.com/issue/WLB-2012050106
My report to developer: http://wordpress.org/support/topic/plugin-wp-facethumb-reflected-xss-vulnerability-cwe-79
Plugin URL: http://wordpress.org/extend/plugins/wp-facethumb/ (will show up very soon. WP admins disabled this until fix is done)

Diff included between tags 0.1 and 0.2.

- Henri Salo
Attachment: wp-facethumb.diff