oss-sec mailing list archives
CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6
From: Matthew Daley <mattd () bugfuzz com>
Date: Sat, 11 Apr 2015 21:31:54 +1200
I'd like to request a CVE ID for this issue. This is the first such request; this message serves as an advisory as well.

Affected software: Floating Social Bar (Wordpress plugin)
Affected versions: 1.0.1 - 1.1.6
Website: https://wordpress.org/plugins/floating-social-bar/
Reported by: Matthew Daley

Description:
One of the plugin's unauthenticated AJAX action handlers is vulnerable to a stored cross-site scripting vulnerability. By invoking the action with certain parameters, it is possible for unauthenticated attackers to force the persistent injection of arbitrary script across the site's post pages.

Fixed version: 1.1.7
Fix: https://plugins.trac.wordpress.org/changeset/1129648/floating-social-bar/trunk
Changelog: https://plugins.trac.wordpress.org/changeset/1129648/floating-social-bar/trunk#file5

- Matthew Daley
Current thread:
- CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 Matthew Daley (Apr 11)
- Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 cve-assign (Apr 12)
- Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 Matthew Daley (Apr 13)
- Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 cve-assign (Apr 13)
- Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 Matthew Daley (Apr 13)
- Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 cve-assign (Apr 12)