jamesbond
Forum Replies Created
No problem. If there is anything else I can do to help or if you have any questions please let me know.
James
I understand. There are a lot of guys out there who do not know what they are doing and just want their recognition, and don’t care how the vulnerability works or how to fix it.
It was very detailed. I have been doing this for a while.
The vulnerability is SQL injection, but using that SQL injection you can elevate your status and execute PHP code, and from there gain a remote shell. No other details will be given out until at least a good week after WordPress releases a patch (give people time to upgrade). I was able to contact a member of the WordPress team (podz) so this thread is pointless now. Please delete it or leave it if you think giving everyone a heads up will make the upgrade be taken more seriously.
Regards,
James
I have sent additional info to t2 @ tamba2 . org . uk
Thanks again for your help.
Sorry about that, but you can never be too careful. Anyway, the developers can reach me at security a|t gulftech d|o|t org; however, I have already emailed them, so they can simply check their email.
Again, this is about as high risk of a vulnerability as you can get when it comes to PHP applications, so the sooner a fix is released the better.
Kind Regards,
James
Nice try, how about please having the developers check their security@wordpress email or emailing me at the email I have on file here.