[Bug 245211] New: Wordpress 2.2: SQL injection, XSS vulnerabilities

Thu Jun 21 17:57:01 UTC 2007

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245211

           Summary: Wordpress 2.2: SQL injection, XSS vulnerabilities
           Product: Fedora
           Version: f7
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: low
          Priority: low
         Component: wordpress
        AssignedTo: jwb at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

XML-RPC SQL injection:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3140

Cross site scripting:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3239
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3241

Note: these have been reported against Wordpress 2.2, I haven't investigated
whether 2.1.3 currently in Fedora is affected.

Also, 2.2.1 seems to have been released today, fixing at least some of these issues.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.