[wp-trac] [WordPress Trac] #43308: Mitigate CVE 2018-6389
WordPress Trac
noreply at wordpress.org
Wed Feb 14 01:18:09 UTC 2018
#43308: Mitigate CVE 2018-6389
---------------------------+-----------------------------
 Reporter:  youngcp        |      Owner:
     Type:  defect (bug)   |     Status:  new
 Priority:  normal         |  Milestone:  Awaiting Review
Component:  Script Loader  |    Version:  4.9.4
 Severity:  normal         |   Keywords:
  Focuses:                 |
---------------------------+-----------------------------
Based mostly on https://github.com/WazeHell/CVE-2018-638
https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
Loads full `wp-admin/admin.php` during `wp-admin/load-scripts.php` and
`wp-admin/load-styles.php`
Removes `wp-admin/includes/noop.php`
Patch: https://patch-diff.githubusercontent.com/raw/WordPress/WordPress/pull/343.patch
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43308>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform