WordPress Montezuma Theme Cross-Site Scripting Vulnerability | ww.wp.xz.cn

wikiknowledgee
(@wikiknowledgee)

13 years, 1 month ago

WordPress Montezuma theme is prone to a cross-site scripting vulnerability

[Remaining details moderated. Please do not post details of potential security issues in a public forum. See http://codex.ww.wp.xz.cn/FAQ_Security#Where_do_I_report_security_issues.3F%5D

Viewing 9 replies - 1 through 9 (of 9 total)

esmi
(@esmi)

13 years, 1 month ago

Please email details of the issues to security [at] ww.wp.xz.cn as per the above linked FAQ.

Theme Author bytesforall
(@bytesforall)

13 years, 1 month ago

New user account, first post, 3 lines of generic text that can be found thousand times all over the web, without any substance.

Looks like a copy & paste trolling attempt to me.

esmi
(@esmi)

13 years, 1 month ago

Dos Montezuma use ZeroClipboard.swf?

Theme Author bytesforall
(@bytesforall)

13 years, 1 month ago

Yes, in the backend

esmi
(@esmi)

13 years, 1 month ago

http://seclists.org/fulldisclosure/2013/Apr/88

Theme Author bytesforall
(@bytesforall)

13 years, 1 month ago

I had not thought about that third party library. New version uploaded to .org

@wikiknowledgee: Sorry for my tone. I was fairly sure my own code was o.k. but had not thought about 3rd party libs.

Thread Starter wikiknowledgee
(@wikiknowledgee)

13 years, 1 month ago

i was getting alerts from website defender

Thread Starter wikiknowledgee
(@wikiknowledgee)

13 years, 1 month ago

it’s ok, can u fix this security issue?

eitanc
(@eitanc)

13 years, 1 month ago

Should be fixed in version 1.1.9, downloadable from http://wordpress.bytesforall.com/2013/04/montezuma-1-1-9-and-atahualpa-3-7-12/

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘WordPress Montezuma Theme Cross-Site Scripting Vulnerability’ is closed to new replies.

9 replies
4 participants
Last reply from: eitanc
Last activity: 13 years, 1 month ago
Status: not resolved