oss-sec mailing list archives

CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability


From: Henri Salo <henri () nerv fi>
Date: Tue, 15 May 2012 22:41:25 +0300

Hello,

WordPress plugin wp-facethumb version 0.1 is affected by a reflected XSS vulnerability. This issue is fixed in version 0.2. Could I get a 2012 CVE identifier for this issue? Thanks.

Changelog: http://plugins.svn.wordpress.org/wp-facethumb/trunk/readme.txt
Original advisory: http://cxsecurity.com/issue/WLB-2012050106
My report to developer: http://wordpress.org/support/topic/plugin-wp-facethumb-reflected-xss-vulnerability-cwe-79
Plugin URL: http://wordpress.org/extend/plugins/wp-facethumb/ (will show up very soon; WP admins disabled this until the fix is done)

Diff included between tags 0.1 and 0.2.

- Henri Salo

Attachment: wp-facethumb.diff