FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- snoopy "_httpsrequest()" shell command execution vulnerability

Affected packages
de-wordpress < 2.6.3
wordpress < 2.6.3
wordpress-mu < 2.6.3

Details

VuXML ID 3a4a3e9c-a1fe-11dd-81be-001c2514716c
Discovery 2008-10-23
Entry 2008-10-24

The Wordpress development team reports:

A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately.

References

Bugtraq ID 31887
URL http://secunia.com/Advisories/32361/
URL http://wordpress.org/development/2008/10/wordpress-263/