
security/vuxml: WordPress - multiple vulnerabilities
Closed, Public

Authored by joneum on May 18 2017, 9:38 AM.

Details

Summary

WordPress - multiple vulnerabilities

  • Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
  • Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
  • Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
  • A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
  • A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
  • A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

Diff Detail

Lint: Lint Skipped
Unit: Tests Skipped

Event Timeline

Has make validate been passed?

I think your vuxml file is not in sync:

Patching file vuln.xml using Plan A...
Hunk #1 failed at 58.
1 out of 1 hunks failed--saving rejects to vuln.xml.rej

Please check again :).

miwi requested changes to this revision. May 18 2017, 10:28 AM
This revision now requires changes to proceed. May 18 2017, 10:28 AM
joneum edited edge metadata.
This revision is now accepted and ready to land. May 22 2017, 6:21 AM