oss-sec mailing list archives
CVE Request: wordpress and mediaelement
From: Craig Small <csmall () enc com au>
Date: Sat, 07 May 2016 05:33:13 +0000
Hi, wordpress 4.5.1 has two security issues[1], both XSS, both fixed in 4.5.2 One is around the plupload embedded code[2] which I'm unsure if it affects plupload proper or just wordpress. The second is around mediaelement[3] and this does affect the upstream program but is already fixed[4]. 1: https://wordpress.org/news/2016/05/wordpress-4-5-2/ 2: https://core.trac.wordpress.org/changeset/37382/ 3: https://core.trac.wordpress.org/changeset/37371 4: https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e - Craig -- Craig Small (@smallsees) http://enc.com.au/ csmall at : enc.com.au Debian GNU/Linux http://www.debian.org/ csmall at : debian.org GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5
Current thread:
- CVE Request: wordpress and mediaelement Craig Small (May 07)
- Re: CVE Request: wordpress and mediaelement cve-assign (May 07)