oss-sec mailing list archives

CVE request for XSS and CSRF vulnerability in wordpress plugin WP-Stats


From: Sebastian Wolfgang Kraemer | HSASec <Sebastian.Kraemer () HS-Augsburg de>
Date: Wed, 17 Jun 2015 14:04:28 +0200

Greetings,

we discovered a vulnerability in the following component and want to
request a CVE for it:

Product-Type: WordPress Plugin

Product: WP-Stats (https://de.wordpress.org/plugins/wp-stats/)

Version: 2.51

Vendor: lesterchan () gmail com

Fixed: reported 2015-06-16; fixed in version 2.52, 2015-06-17

Changelog: https://wordpress.org/plugins/wp-stats/changelog/

PoC available: yes

Description:
Persistent XSS in the WordPress admin panel, enabled by a CSRF vulnerability in the plugin's admin menu.

Researchers:
* Michael Kapfer (Michael.Kapfer () hs-augsburg de)
* Sebastian Kraemer (Sebastian.Kraemer () hsasec de)


Best regards,
 the HSASec-Team
 (https://www.hsasec.de)
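For readers unfamiliar with the bug class named in the report, the following is an added illustration (not code from WP-Stats, its author, or the reporters) of the general pattern: an admin settings form that saves POSTed input without a nonce check and later echoes it unescaped, beside the WordPress-idiomatic fix. The option name, field name and function names are hypothetical.

```php
<?php
// Added illustration, not WP-Stats code. Option and field names are hypothetical.

// Vulnerable pattern: no capability check, no nonce, no output escaping.
// A forged cross-site POST submitted by a logged-in admin's browser stores
// attacker-controlled markup, which is then rendered for every admin who views the page.
function hypothetical_stats_page_vulnerable() {
    if ( isset( $_POST['stats_title'] ) ) {
        update_option( 'hypothetical_stats_title', $_POST['stats_title'] );
    }
    $title = get_option( 'hypothetical_stats_title', '' );
    echo '<input type="text" name="stats_title" value="' . $title . '">';
}

// Hardened pattern: each control closes a distinct link in the CSRF-to-stored-XSS chain.
function hypothetical_stats_page_hardened() {
    // Only users allowed to manage options may reach the handler at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'hypothetical' ) );
    }
    if ( isset( $_POST['stats_title'] ) ) {
        // Rejects requests without a valid nonce bound to this action and user (blocks CSRF).
        check_admin_referer( 'hypothetical_stats_save', 'hypothetical_stats_nonce' );
        // Strip slashes added by WordPress, then reduce the value to plain text.
        $title = sanitize_text_field( wp_unslash( $_POST['stats_title'] ) );
        update_option( 'hypothetical_stats_title', $title );
    }
    $title = get_option( 'hypothetical_stats_title', '' );
    echo '<form method="post">';
    // Emits the hidden nonce field that check_admin_referer() above expects.
    wp_nonce_field( 'hypothetical_stats_save', 'hypothetical_stats_nonce' );
    // Attribute-context escaping keeps stored content from breaking out of the value (blocks XSS).
    echo '<input type="text" name="stats_title" value="' . esc_attr( $title ) . '">';
    submit_button();
    echo '</form>';
}
```

Sanitising on input and escaping on output are independent controls; the nonce alone does not prevent an authorised admin from storing markup, and escaping alone does not stop a forged request from changing settings.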
 
