Dave Cummo

Researcher fromNorthrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention
#21062of 53,633
11.8Total CVSS
Vulnerabilities · 2
Medium
1
High
1
PT-2013-4961
7.5
2013-09-12
WordPress · Wordpress · CVE-2013-4339
**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.6.1 **Description** The issue allows remote attackers to bypass intended redirection restrictions by using a crafted string, due to improper validation of URLs before use in an HTTP redirect. **Recommendations** For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue.
PT-2013-5760
4.3
2013-09-12
WordPress · Wordpress · CVE-2013-5738
**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.6.1 **Description** The issue allows remote authenticated users to potentially conduct cross-site scripting (XSS) attacks via a crafted file. This is due to the `get allowed mime types` function not requiring the `unfiltered html` capability for uploads of `.htm` and `.html` files. **Recommendations** For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue.