Support » Plugin: A Page Flip Book » PageflipBook pageflipbook_language parameter local file inclusion
3 years, 9 months ago
I noticed following issue: http://www.securityfocus.com/bid/54368/info
Is this valid security vulnerability? Have you fixed this in some version already? Is there CVE available for this?
3 years, 8 months ago
Thanks for your alert. Yes the problem wads solved since last version.
Hope you enjoy our plugin.
3 years, 6 months ago
In the future could you please include changes to changelog (in your http://plugins.svn.wordpress.org/wppageflip/trunk/readme.txt). It would be also nice if you wouldn’t remove old changelogs when you release new version. Also there should be CVE <http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures> for communicating about this issue. For example I want to tell users to update to at least version, which fixed this security vulnerability. LFI vulnerability could be used for example to read WordPress installation configuration file.
If this security vulnerability is indeed still missing CVE I could request one if that is OK for you (e.g. you haven’t done so already)? Could you tell me what version of the plugin is patched, thanks?
I’m just trying to help here 🙂
Other reference URL: http://osvdb.org/83667
3 years, 5 months ago
Great to read this, I really appreciated constructive ideas like yours.
Next release will integrate your comments.