Skip to content

Commit

Permalink
Add CVE number
Browse files Browse the repository at this point in the history
  • Loading branch information
@ethicalhack3r
ethicalhack3r committed May 22, 2018
1 parent 2f14228 commit d49df70
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 4 deletions.
3 changes: 2 additions & 1 deletion _posts/2018-05-22-loginizer-wordpress-plugin-xss-vulnerability.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ According to Loginizer's WordPress Plugin page: "Loginizer is a WordPress plugin

According to WordPress, at the time of writing the Plugin had ```700,000+``` active installations. The vulnerability discovered could allow an unauthenticated attacker to compromise a WordPress blog if the administrative user views the Loginizer log file.

This issue was patched within hours by the vendor in version 1.4.0.
This issue was patched within hours by the vendor in version 1.4.0. CVE assigned as CVE-2018-11366.

### Description

Expand Down Expand Up @@ -69,6 +69,7 @@ Users: Update to version 1.4.0, which fixes the vulnerability.
- 21/05/2018 11:50: Vendor notified.
- 21/05/2018 17:00: Vendor replies to ticket and releases a patched version, version 1.4.0.
- 22/05/2018 09:30: Advisory publicly released.
- 22/05/2018 14:10: CVE Assigned: CVE-2018-11366

### References

Expand Down
5 changes: 3 additions & 2 deletions _site/2018/05/22/loginizer-wordpress-plugin-xss-vulnerability.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ <h3 id="introduction">Introduction</h3>

<p>According to WordPress, at the time of writing the Plugin had <code class="highlighter-rouge">700,000+</code> active installations. The vulnerability discovered could allow an unauthenticated attacker to compromise a WordPress blog if the administrative user views the Loginizer log file.</p>

<p>This issue was patched within hours by the vendor in version 1.4.0.</p>
<p>This issue was patched within hours by the vendor in version 1.4.0. CVE assigned as CVE-2018-11366.</p>

<h3 id="description">Description</h3>

Expand Down Expand Up @@ -125,7 +125,8 @@ <h3 id="timeline">Timeline</h3>
<li>21/05/2018 11:00: Issue verified by Ryan (Dewhurst Security).</li>
<li>21/05/2018 11:50: Vendor notified.</li>
<li>21/05/2018 17:00: Vendor replies to ticket and releases a patched version, version 1.4.0.</li>
<li>22/05/2018 19:30: Advisory publicly released.</li>
<li>22/05/2018 09:30: Advisory publicly released.</li>
<li>22/05/2018 14:10: CVE Assigned: CVE-2018-11366</li>
</ul>

<h3 id="references">References</h3>
Expand Down
2 changes: 1 addition & 1 deletion _site/atom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<title>Dewhurst Security Blog</title>
<link href="https://blog.dewhurstsecurity.com/atom.xml" rel="self" />
<link href="https://blog.dewhurstsecurity.com/"/>
<updated>2018-05-22T09:27:44+02:00</updated>
<updated>2018-05-22T14:15:11+02:00</updated>
<id>https://blog.dewhurstsecurity.com</id>
<author>
<name>Dewhurst Security Blog</name>
Expand Down

0 comments on commit d49df70

Please sign in to comment.