oss-sec mailing list archives
Re: CVE request: WordPress plugin wysija-newsletters remote file upload
From: cve-assign () mitre org
Date: Tue, 8 Jul 2014 12:41:13 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://wordpress.org/plugins/wysija-newsletters/changelog/ 2.6.7 - 2014-07-01 Fixed security issue reported by Sucuri http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
the developers assumed that WordPress's "admin_init" hooks were only called when an administrator user visited a page inside /wp-admin/.
It is a easy mistake to make and they used that hook (admin_init) to verify if a specific user was allowed to upload files.
Use CVE-2014-4725.
https://wordpress.org/plugins/wysija-newsletters/changelog/ 2.6.8 - 2014-07-04 Fixed security issue reported by Dominic
This seems to be an unspecified vulnerability with a different discoverer. Use CVE-2014-4726.
http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
WordPress's "admin_init" hooks
any call to /wp-admin/admin-post.php also executes this hook without requiring the user to be authenticated
As far as we can tell, this is intentional behavior in WordPress, and is not a WordPress implementation error or vulnerability. There is no CVE ID for this WordPress behavior. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTvB7EAAoJEKllVAevmvmsXpAH/2HeRED+w5BlsPaGIkGFXaqT FGdOCgYyjfwCISZQqaIvUds81sKJMewfcv/2naoY+MU2/IWDAPME8vAFuJiZpwPq SL8BsUlIB4D0uizC/vhJHuf4G7Fw0+qlTy2O2nMdcZ+5TZlu626M7WvRUE4pJj37 q86dmqqnF9CjiQWLBx2UKb0xLfrCGBQyqXMjZlvvyTI7wbZLjwFoxSJ4UqNM1My1 5LkY4L3DGyGaNrrNZOdM3OGKhNtTrJl630TIqhwu+hnKIvrY5N2WPFHHoZ2V7K8P QFktGYlW5zej5jGi11ZGX5bWa8sWtBYQNXge9AUjQSaiaSSuDNkoey3dgx5Mk5E= =dY+t -----END PGP SIGNATURE-----
Current thread:
- CVE request: WordPress plugin wysija-newsletters remote file upload Henri Salo (Jul 02)
- Re: CVE request: WordPress plugin wysija-newsletters remote file upload cve-assign (Jul 08)