Arch Linux Security Advisory ASA-201601-2 ========================================= Severity: Medium Date : 2016-01-09 CVE-ID : CVE-2016-1564 Package : wordpress Type : cross-side scripting Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package wordpress before version 4.4.1-1 is vulnerable to cross-side scripting. Resolution ========== Upgrade to 4.4.1-1. # pacman -Syu "wordpress>=4.4.1-1" The problem has been fixed upstream in version 4.4.1. Workaround ========== None. Description =========== A cross-site scripting vulnerability has been discovered that could allow a site to be compromised. Impact ====== A remote attacker is able to inject unescaped HTML and javascript leading to cross-side scripting that could result in a site to be compromised. References ========== https://access.redhat.com/security/cve/CVE-2016-1564 https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-... https://core.trac.wordpress.org/changeset/36185