oss-sec mailing list archives

Re: CVE request: XSS in WP Super Cache < 1.4.3


From: Henri Salo <henri () nerv fi>
Date: Sat, 12 Mar 2016 12:25:44 +0200


On Sun, Apr 05, 2015 at 09:07:23AM +0200, Hanno Böck wrote:
https://wordpress.org/plugins/wp-super-cache/changelog/

1.4.3
Security release fixing an XSS bug in the settings page. Props Marc
Montpas from Sucuri.

Also, the post http://www.openwall.com/lists/oss-security/2015/04/05/2 notes that
this might be a related commit:

https://plugins.trac.wordpress.org/changeset/1127138

This case seems to be still unassigned. Is it possible to get a CVE assigned for
this vulnerability, thank you? WP Super Cache does have over a million active
installations according to the WordPress Plugin Directory. Is there a reason
that this never got assigned? If additional information is needed I can provide
it.

-- 
Henri Salo

