oss-sec mailing list archives
CVE Requests for WordPress 3.6.1
From: Andrew Nacin <nacin () wordpress org>
Date: Wed, 11 Sep 2013 17:28:26 -0400
Three issues fixed in WordPress 3.6.1: http://codex.wordpress.org/Version_3.6.1

* Unsafe PHP unserialization. CWE-502. http://core.trac.wordpress.org/changeset/25325.
* Open Redirect / Insufficient Input Validation. CWE-601. http://core.trac.wordpress.org/changeset/25323 and http://core.trac.wordpress.org/changeset/25324.
* Privilege Escalation: a user with an Author role, using a specially crafted request, was able to create a post that was marked as "written by" another user. http://core.trac.wordpress.org/changeset/25321.