oss-sec mailing list archives
CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution
From: Henri Salo <henri () nerv fi>
Date: Tue, 6 Mar 2012 09:31:22 +0200
Can we assign CVE-identifier for this security vulnerability, thanks. http://osvdb.org/show/osvdb/78479 http://www.securityfocus.com/bid/51638 http://secunia.com/advisories/47688/ http://www.exploit-db.com/exploits/18412/ Plugin is disabled in WordPress (doesn't show up in http://wordpress.org/extend/plugins/), but SVN can be found from here: http://plugins.svn.wordpress.org/kish-guest-posting/trunk/ File http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt says: """ = 1.2 = security update for Uploadify Script """ But I haven't tested (yet) if that is valid fix for the vulnerability. - Henri Salo
Current thread:
- CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Henri Salo (Mar 05)