WordPress.org

Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#3781 closed defect (bug) (fixed)

Vulnerability in nonce AYS

Reported by: PsychoGun Owned by:
Milestone: 2.0.9 Priority: highest omg bbq
Severity: blocker Version: 2.0.7
Component: Security Keywords:
Focuses: Cc:

Description

Hi,

I found a vulnerability in wordpress, i made an exploit and i transmitted everything to
these security websites: mil0rwm, securityfocus, secunia ect
E-mail me if you want more specifications.

Change History (11)

#1 @foolswisdom
9 years ago

  • Milestone changed from 2.3 to 2.1.1

#2 @foolswisdom
9 years ago

Please email the details to security@… .

#3 @foolswisdom
9 years ago

LOL, that should be secuirty@… .

#4 @foolswisdom
9 years ago

Alright, I give up, going back to bed: security@…

#5 @Viper007Bond
9 years ago

  • Component changed from Administration to Security

#6 @Nazgul
9 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in [4876]

#7 @ryan
9 years ago

  • Milestone changed from 2.1.1 to 2.0.9
  • Version set to 2.0.7

#8 @foolswisdom
9 years ago

  • Severity changed from normal to blocker

Fixed on all branches
2.0.9 [4877]
2.1.1 [4876]
trunk [4875]

#9 @ryan
9 years ago

  • Summary changed from Vulnerability in wordpress to Vulnerability in nonce AYS

#11 @ryan
9 years ago

Fixed for both 2.0.9 and 2.1.1.

Note: See TracTickets for help on using tickets.