wordpress: multiple issues

2016-09-09T00:00:00
ID ASA-201609-4
Type archlinux
Reporter Arch Linux
Modified 2016-09-09T00:00:00

Description

  • CVE-2016-7168 (cross-site scripting)

A cross-site scripting vulnerability via an image filename, reported by SumOfPwn researcher Cengiz Han Sahin.

  • CVE-2016-7169 (directory traversal)

A directory traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.