[arch-security] [ASA-201508-2] wordpress: multiple issues
rgacogne at archlinux.org
Fri Aug 7 09:11:37 UTC 2015
Arch Linux Security Advisory ASA-201508-2
Date : 2015-08-07
CVE-ID : CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732
Package : wordpress
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package wordpress before version 4.2.4-1 is vulnerable to multiple
issues, including XSS and SQL injection.
Upgrade to 4.2.4-1>.
# pacman -Syu "wordpress>=4.2.4-1"
The problem has been fixed upstream in version 4.2.4.
SQL injection in comments ID.
Timing attack in widgets.
Denial of service by locking a post from being edited.
- CVE-2015-5732, CVE-2015-5733 CVE-2015-5734:
A remote attacker could lock a post from being edited, or compromise a
site running wordpress.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the arch-security