oss-sec mailing list archives
CVE request for XSS and CSRF vulnerability in wordpress plugin WP-Stats
From: Sebastian Wolfgang Kraemer | HSASec <Sebastian.Kraemer () HS-Augsburg de>
Date: Wed, 17 Jun 2015 14:04:28 +0200
Greetings,

we discovered a vulnerability in the following component and want to request a CVE for it:

Product-Type: Wordpress Plugin
Product: WP-Stats (https://de.wordpress.org/plugins/wp-stats/)
Version: 2.51
Vendor: lesterchan () gmail com
Fixed: reported: 2015-06-16; fixed in version 2.52, 2015-06-17
Changelog: https://wordpress.org/plugins/wp-stats/changelog/
PoC available: yes
Description: persistent XSS in wordpress-admin-panel enabled by csrf-vulnerability in admin-menu of plugin

Researchers:
* Michael Kapfer (Michael.Kapfer () hs-augsburg de)
* Sebastian Kraemer (Sebastian.Kraemer () hsasec de)

Best regards,
the HSASec-Team (https://www.hsasec.de)