[VIM] WordPress Better WP Security Plugin HTML Injection Vulnerability
Henri Salo
henri at nerv.fi
Sat Aug 3 20:56:23 CDT 2013
On Fri, Aug 02, 2013 at 08:35:41PM +0000, George Theall wrote:
> Narayan / Venkat / Rob : what difference is there between BIDs 61562 and 61518? Both credit Richard Warren and involve an XSS vulnerability addressed in Better WP Security 3.5.4. The plugin's change log (http://www.wordpress.org/plugins/better-wp-security/changelog/) only lists one XSS issue:
>
> • Fixed an XSS vulnerability in the logevent function. Fix by Richard Warren
>
> George
> --
> theall at tenable.com
I can do diffing for commits if needed. Does this already have CVE identifier? There is at least issues:
http://osvdb.org/84737
http://osvdb.org/84738
http://osvdb.org/95884
---
Henri Salo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.attrition.org/pipermail/vim/attachments/20130804/1aee7c9c/attachment.asc>
More information about the VIM
mailing list