Re: [FD] Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)

2014-04-30 Thread Harry Metcalfe
no, it doesn't matter. the vulnerability is yours and there is absolutely no requirement for you to have reported in x amount of time. you do not need to justify any amount of time. Yeah, I know. I generally do intend to get things out promptly though, and this was a whoops. H On 30/04/2014 1

Re: [FD] Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)

2014-04-30 Thread Harry Metcalfe
Hi Illwill, What circumstance would a WordPress admin not usually have this kind of access anyhow? As Dave said, there are various levels of administrator in WordPress. But our perspective on these issues is just that a WordPress administrator is not necessarily also a server administrator. P

Re: [FD] Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)

2014-04-29 Thread Dave Warren
On 2014-04-29 05:13, Illwill wrote: What circumstance would a WordPress admin not usually have this kind of access anyhow? Although it's rarely used, WordPress does have the capability to support multiple levels of administrators, in which case one may have access to an already installed plu

Re: [FD] Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)

2014-04-29 Thread Illwill
What circumstance would a WordPress admin not usually have this kind of access anyhow? Why the delay in discovery till reporting? On April 29, 2014 6:32:01 AM EDT, dxw Security wrote: >Details > >Software: File Gallery >Version: 1.7.7,1.7.9 >Homepage: http://wordpress.org/plugins/

[FD] Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)

2014-04-29 Thread dxw Security
Details Software: File Gallery Version: 1.7.7, 1.7.9 Homepage: http://wordpress.org/plugins/file-gallery/ Advisory ID: dxw-1970-638 CVE: CVE-2014-2558 CVSS: 8 (High; AV:N/AC:L/Au:S/C:C/I:P/A:P) Description Arbitrary code execution by admins in File Gallery 1.7.7 V