| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130325132853.GB15418@kludge.henri.nerv.fi>
Date: Mon, 25 Mar 2013 15:28:53 +0200
From: Henri Salo <henri@...v.fi>
To: "Fernando A. Lagos B." <fernando@...ial.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: XSS vulnerability on WP-Banners-Lite
(wordpress plugin)
On Mon, Mar 25, 2013 at 08:53:28AM -0300, Fernando A. Lagos B. wrote:
> I. Background
> --------------
> [-] Affected plugin: WP Banners Lite
> [-] Plugin Description: The plugin easily allows you to manage ad
> banners on your site.
> [-] Plugin URL: http://wordpress.org/extend/plugins/wp-banners-lite/
> [-] Tested Version: 1.29, 1.31, 1.40
> [-] Reported: YES - but no answer
> [-] Report Date: 03/12/13
> [-] Published:
> http://blog.zerial.org/seguridad/vulnerabilidad-en-plugin-para-wordpress-afecta-a-mas-de-200-sitios/
You can report next issue to the plugins<snip>wordpress.org address and they will
remove the plugin from showing up in plugin index site[1] or whatever it is
called and users can't install it using WordPress administrator-interface before
developer of the plugin has fixed the vulnerability. I will send the
plugins-guys email right now to get the process on-going. You can also directly
contact me in case you need help coordinating issues. Have a great day.
1: http://wordpress.org/extend/plugins/wp-banners-lite/
--
Henri Salo
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists