WordPress.org

Ready to get started?Download WordPress

Forums

A Page Flip Book
[resolved] PageflipBook pageflipbook_language parameter local file inclusion (4 posts)

  1. henrisalo
    Member
    Posted 11 months ago #

    I noticed following issue: http://www.securityfocus.com/bid/54368/info

    Is this valid security vulnerability? Have you fixed this in some version already? Is there CVE available for this?

    http://wordpress.org/extend/plugins/wppageflip/

  2. AW360
    Member
    Plugin Author

    Posted 9 months ago #

    Hi henrisalo,

    Thanks for your alert. Yes the problem wads solved since last version.

    Hope you enjoy our plugin.

  3. henrisalo
    Member
    Posted 7 months ago #

    In the future could you please include changes to changelog (in your http://plugins.svn.wordpress.org/wppageflip/trunk/readme.txt). It would be also nice if you wouldn't remove old changelogs when you release new version. Also there should be CVE <http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures> for communicating about this issue. For example I want to tell users to update to at least version, which fixed this security vulnerability. LFI vulnerability could be used for example to read WordPress installation configuration file.

    If this security vulnerability is indeed still missing CVE I could request one if that is OK for you (e.g. you haven't done so already)? Could you tell me what version of the plugin is patched, thanks?

    I'm just trying to help here :)
    Other reference URL: http://osvdb.org/83667

  4. AW360
    Member
    Plugin Author

    Posted 7 months ago #

    Hi Henrisalo,

    Great to read this, I really appreciated constructive ideas like yours.

    Next release will integrate your comments.

    Best !

Reply

You must log in to post.

About this Plugin

About this Topic

Tags