oss-sec mailing list archives

Re: WordPress 3.9.2 release - needs CVE's


From: Andrew Nacin <nacin () wordpress org>
Date: Thu, 14 Aug 2014 00:57:36 -0400

On Wed, Aug 13, 2014 at 1:47 AM, <cve-assign () mitre org> wrote:

> > XSS: https://core.trac.wordpress.org/changeset/29398
>
> We think this can have a CVE ID only if it allows privilege escalation
> from Administrator to Super Admin in a Multisite installation. Does
> it? (On other installations, Administrator has the unfiltered_html
> capability.)


Yes.
