oss-sec mailing list archives
CVE request: Mailpoet (wordpress-plugin) remote file upload exploited in the wild
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 24 Jul 2014 11:26:08 +0200
Hi, A remote file upload in the wordpress plugin Mailpoet is currently widely exploited: http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html It is fixed in the version 2.6.7. Upstream changelog: http://wordpress.org/plugins/wysija-newsletters/changelog/ Fixed security issue reported by Sucuri The changelog lists also another security issue, fixed in version 2.6.8, however without any details: Fixed security issue reported by our dear Dominic. Thank you sir! I know that CVE requests without details aren't liked much here, however at the moment I don't have the time to digg into version diffs. Please assign CVE for the first and proceed how you think appropriate for the second. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
signature.asc
Description:
Current thread:
- CVE request: Mailpoet (wordpress-plugin) remote file upload exploited in the wild Hanno Böck (Jul 24)