oss-sec mailing list archives

CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3)

From: Henri Salo <henri () nerv fi>
Date: Mon, 28 Jan 2013 10:56:48 +0200

Hello,

Vulnerabilities fixed in WordPress 3.1.4[1] does not yet have CVE identifiers. As far as I can tell there is three 
different issues[2][3][4]. Details of issue OSVDB:73721 from Andrew Nacin below:

Using specially crafted requests under certain conditions, users without the ability to write with unfiltered HTML 
could add some to a post, and could update posts where they did not have a permission to do so. The relevant changeset 
is: http://core.trac.wordpress.org/changeset/18368/branches/3.1

1: http://wordpress.org/news/2011/06/wordpress-3-1-4/
2: http://osvdb.org/73721 WordPress Unspecified Access Restriction Bypass
3: http://osvdb.org/73722 WordPress wp-admin/edit-tags.php Multiple Parameter SQL Injection
4: http://osvdb.org/73723 WordPress wp-admin/link-manager.php Multiple Parameter SQL Injection

Please note that these need to be CVE-2011-XXXX, thanks.

--
Henri Salo

Current thread:

CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3) Henri Salo (Jan 28)
- Re: CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3) Kurt Seifried (Jan 28)