wordpress: multiple issues

2015-10-30T00:00:00
ID ASA-201510-24
Type archlinux
Reporter Arch Linux
Modified 2015-10-30T00:00:00

Description

  • CVE-2015-5714 (cross-side scripting)

A cross-site scripting vulnerability has been discovered when processing shortcode tags.

  • CVE-2015-5715 (insufficient permission restriction)

A vulnerability has been discovered, allowing users without proper permissions to publish private posts and make them sticky.

  • CVE-2015-7989 (cross-side scripting)

A cross-site scripting vulnerability has been discovered in the user list tables.