| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJjO9MnOGnGV8E2WpyLrNvoOb3tCcC4nOfvsMv9dbVudHpU5dQ@mail.gmail.com> Date: Mon, 27 Apr 2015 13:37:41 -0700 From: Fyodor <fyodor@...p.org> To: Anthony Ferrara <ircmaxell@...il.com> Cc: Full Disclosure Mailing List <fulldisclosure@...lists.org> Subject: Re: [FD] WordPress 4.2 stored XSS On Mon, Apr 27, 2015 at 8:55 AM, Anthony Ferrara <ircmaxell@...il.com> wrote: > Just for clarification, was the project given a chance to fix this or > notified in any way prior to public announcement? > Apparently WordPress completely ignored all of their notification attempts. Klikki just added this paragraph to the online version of their advisory ( http://klikki.fi/adv/wordpress2.html): "WordPress has refused all communication attempts about our ongoing security vulnerability cases since November 2014. We have tried to reach them by email, via the national authority (CERT-FI), and via HackerOne. No answer of any kind has been received since November 20, 2014. According to our knowledge, their security response team have also refused to respond to the Finnish communications regulatory authority who has tried to coordinate resolving the issues we have reported, and to staff of HackerOne, which has tried to clarify the status our open bug tickets." Sigh, Fyodor _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists