[arch-security] [ASA-201510-24] wordpress: multiple issues
Arch Linux Security Advisory ASA-201510-24 ========================================== Severity: Medium Date : 2015-10-30 CVE-ID : 2015-5714 2015-5715 CVE-2015-7989 Package : wordpress Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package wordpress before version 4.3.1-1 is vulnerable to cross-side scripting and insufficient permission restriction. Resolution ========== Upgrade to 4.3.1-1. # pacman -Syu "wordpress>=4.3.1-1" The problems have been fixed upstream in version 4.3.1. Workaround ========== None. Description =========== - CVE-2015-5714 (cross-side scripting) A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 (insufficient permission restriction) A vulnerability has been discovered, allowing users without proper permissions to publish private posts and make them sticky. - CVE-2015-7989 (cross-side scripting) A cross-site scripting vulnerability has been discovered in the user list tables. Impact ====== A remote attacker is able do perform cross-side scripting attacks or publish private posts and make them sticky. References ========== https://access.redhat.com/security/cve/CVE-2015-5714 https://access.redhat.com/security/cve/CVE-2015-5715 https://access.redhat.com/security/cve/CVE-2015-7989 https://codex.wordpress.org/Version_4.3.1 http://seclists.org/oss-sec/2015/q4/178
participants (1)
-
Levente Polyak