[resolved] CVE-2012-4448 Security Vulnerability and Version 3.5 (4 posts)

  1. MrM2012
    Posted 2 years ago #

    Can anyone confirm for me whether 3.5 closes this security vulnerability regarding the Incoming Links Dashboard: http://www.cvedetails.com/cve/CVE-2012-4448/#references

    I have seen suggestions elsewhere it does, but I haven't found any formal confirmation.

  2. Andrew Nacin
    Lead Developer
    Posted 2 years ago #

    We don't consider CVE-2012-4448 to be a critical vulnerability, but we've been working on a maintenance release for 3.4 that will fix this.

  3. MrM2012
    Posted 2 years ago #

    Thanks. Is anything else planned to be included in that maintenance release other than this fix and are you able to share high level timelines?

  4. dave1010
    Posted 2 years ago #

    CVE-2012-4448 should be resolved by this change http://core.trac.wordpress.org/changeset/22930

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.