oss-sec mailing list archives
CVE Request: WordPress: New 4.4.2 security and maintenance release: SSRF and open redirect vulnerability
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 4 Feb 2016 17:33:18 +0100
Hi,

A new security and maintenance release for WordPress was announced, which addresses two security issues:

https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/

According to the announcement:
WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.
Could two CVEs be assigned for the respective issues?

References:
https://core.trac.wordpress.org/changeset/36444
https://core.trac.wordpress.org/changeset/36435

Regards,
Salvatore