Am 27.04.2015 um 16:55 schrieb Hanno Böck <ha...@hboeck.de>: > As there is still no fix from upstream I created a quick'n'dirty fix > for it: > https://gist.github.com/hannob/a07f7b7e196c75c4c1a8 > https://files.hboeck.de/wordpress-4.2-emergency-fix-xss.diff >
Looks like the WP team published an official fix: https://wordpress.org/news/2015/04/wordpress-4-2-1/ <https://wordpress.org/news/2015/04/wordpress-4-2-1/> "A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.“ Winni
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
