oss-sec mailing list archives
Re: WordPress 4.2.1 security update - CVE please
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 27 Apr 2015 21:08:44 +0200
Hi Kurt,

On Mon, Apr 27, 2015 at 12:47:58PM -0600, Kurt Seifried wrote:
> http://codex.wordpress.org/Version_4.2.1
>
> Version 4.2.1 addressed a security issue. For more information, see the release notes.
>
> From the announcement post, WordPress 4.2.1 fixes a critical cross-site scripting (XSS) vulnerability, which could enable commenters to compromise a site.

Had requested CVEs for this in http://www.openwall.com/lists/oss-security/2015/04/26/2 .

But there is as well a different stored XSS reported http://klikki.fi/adv/wordpress2.html which seems to affect as well the latest wordpress versions (not verified myself).

Regards,
Salvatore