[arch-security] [ASA-201609-4] wordpress: multiple issues
Jelle van der Waa
jelle at archlinux.org
Fri Sep 9 10:05:27 UTC 2016
Arch Linux Security Advisory ASA-201609-4
Date : 2016-09-09
CVE-ID : CVE-2016-7168 CVE-2016-7169
Package : wordpress
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package wordpress before version 4.6-1 is vulnerable to multiple
Upgrade to 4.6-1.
# pacman -Syu "wordpress>=4.6-1"
The problem has been fixed upstream in version 4.6.
- CVE-2016-7168 (cross-site scripting)
A cross-site scripting vulnerability via an image filename, reported by
SumOfPwm researcher Cengiz Han Sahin.
- CVE-2016-7169 (directory traversal)
A directory traversal vulnerability in the upgrade package uploader, reported
by Dominik Schilling from the Wordpress security team.
A remote attacker can perform a presistent cross-site scripting
attack on a WordPress installation or perform directory traversal.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 455 bytes
Desc: not available
More information about the arch-security