oss-sec mailing list archives

CVE Request: wordpress and mediaelement

From: Craig Small <csmall () enc com au>
Date: Sat, 07 May 2016 05:33:13 +0000

Hi,
  wordpress 4.5.1 has two security issues[1], both XSS, both fixed in 4.5.2

One is around the plupload embedded code[2] which I'm unsure if it affects
plupload proper or just wordpress.
The second is around mediaelement[3] and this does affect the upstream
program but is already fixed[4].


1: https://wordpress.org/news/2016/05/wordpress-4-5-2/
2: https://core.trac.wordpress.org/changeset/37382/
3: https://core.trac.wordpress.org/changeset/37371
4:
https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e


 - Craig

-- 
Craig Small (@smallsees)   http://enc.com.au/       csmall at : enc.com.au
Debian GNU/Linux           http://www.debian.org/   csmall at : debian.org
GPG fingerprint:        5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5

Current thread:

CVE Request: wordpress and mediaelement Craig Small (May 07)
- Re: CVE Request: wordpress and mediaelement cve-assign (May 07)