Forums

WordPress › Support » Plugins and Hacks

bSuite
[resolved] XSS security vulnerability in 407 (7 posts)

  1. henrisalo
    Member
    Posted 4 months ago #

    http://www.ihteam.net/advisory/bsuite-wordpress-permanent-xss/

    Please fix this and release new version of this plugin. I can even give you a patch if needed. Please contact me as soon as possible.

    http://wordpress.org/extend/plugins/bsuite/

  2. henrisalo
    Member
    Posted 4 months ago #

    Probably a working solution: http://osvdb.org/show/osvdb/74046

  3. Mark (podz)
    Support Maven
    Posted 4 months ago #

    Author emailed, plugin closed until a fix has been provided.

    For future readers:

    Please always email plugins@wordpress.org before posting about any security issues. We always take fast action.

  4. henrisalo
    Member
    Posted 4 months ago #

    It is great news that you reacted to this case. This has been public for a while: http://secunia.com/advisories/45234/

  5. Casey Bisson
    Member
    Posted 2 months ago #

    @henrisalo: thanks for the report. I believe the vulnerability is fixed in r520611, but please do let me know if you see something else.

  6. henrisalo
    Member
    Posted 1 month ago #

    Asked CVE-identifier in here: http://seclists.org/oss-sec/2012/q2/89

  7. henrisalo
    Member
    Posted 1 month ago #

    CVE-2011-4955 assigned.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags