oss-sec mailing list archives
Re: Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin
From: Henri Salo <henri () nerv fi>
Date: Thu, 5 Feb 2015 19:53:47 +0200
On Thu, Feb 05, 2015 at 11:52:19AM -0500, cve-assign () mitre org wrote:
Use CVE-2015-1494.
Please note they released 3.0.4 to mitigate the problem in case someone updates, but does not remove malicious code. This is unusual from WordPress plugin authors. I am very happy to see improvement. 3.0.4 Renamed the setting affected by the security issue mentioned in 3.0.3. This should stop the malicious code from appearing on sites where the plugin is updated without removing the malicious code. -- Henri Salo
Current thread:
- CVE request for Zero-day in the Fancybox-for-WordPress Plugin Kurt Seifried (Feb 04)
- Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin cve-assign (Feb 05)
- Re: Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin Henri Salo (Feb 05)
- Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin cve-assign (Feb 05)