Full Disclosure mailing list archives
Re: WordPress 4.2 stored XSS
From: Fyodor <fyodor () nmap org>
Date: Mon, 27 Apr 2015 13:37:41 -0700
On Mon, Apr 27, 2015 at 8:55 AM, Anthony Ferrara <ircmaxell () gmail com> wrote:
Just for clarification, was the project given a chance to fix this or notified in any way prior to public announcement?
Apparently WordPress completely ignored all of their notification attempts. Klikki just added this paragraph to the online version of their advisory ( http://klikki.fi/adv/wordpress2.html): "WordPress has refused all communication attempts about our ongoing security vulnerability cases since November 2014. We have tried to reach them by email, via the national authority (CERT-FI), and via HackerOne. No answer of any kind has been received since November 20, 2014. According to our knowledge, their security response team have also refused to respond to the Finnish communications regulatory authority who has tried to coordinate resolving the issues we have reported, and to staff of HackerOne, which has tried to clarify the status our open bug tickets." Sigh, Fyodor _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- WordPress 4.2 stored XSS Jouko Pynnonen (Apr 26)
- Re: WordPress 4.2 stored XSS Scott Arciszewski (Apr 26)
- Re: WordPress 4.2 stored XSS Hanno Böck (Apr 27)
- Re: WordPress 4.2 stored XSS Winni Neessen (Apr 27)
- Re: WordPress 4.2 stored XSS C0r3dump3d (Apr 28)
- Re: WordPress 4.2 stored XSS Winni Neessen (Apr 27)
- Re: WordPress 4.2 stored XSS Anthony Ferrara (Apr 27)
- Re: WordPress 4.2 stored XSS Fyodor (Apr 27)
- Re: WordPress 4.2 stored XSS Scott Arciszewski (Apr 27)
- Re: WordPress 4.2 stored XSS Ryan Dewhurst (Apr 27)
- Re: WordPress 4.2 stored XSS Scott Arciszewski (Apr 27)