4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.8%
Package : wordpress
Version : 3.6.1+dfsg-1~deb6u7
CVE ID : CVE-2015-2213 CVE-2015-5622 CVE-2015-5731 CVE-2015-5732
CVE-2015-5734
Several vulnerabilities have been fixed in Wordpress, the popular
blogging engine.
CVE-2015-2213
SQL Injection allowed a remote attacker to compromise the site.
CVE-2015-5622
The robustness of the shortcodes HTML tags filter has been
improved. The parsing is a bit more strict, which may affect
your installation. This is the corrected version of the patch
that needed to be reverted in DSA 3328-2.
CVE-2015-5731
An attacker could lock a post that was being edited.
CVE-2015-5732
Cross site scripting in a widget title allows an attacker to
steal sensitive information.
CVE-2015-5734
Fix some broken links in the legacy theme preview.
The issues were discovered by Marc-Alexandre Montpas of Sucuri, Helen
Hou-SandΓ of the WordPress security team, Netanel Rubin of Check Point,
Ivan Grigorov, Johannes Schmitt of Scrutinizer and Mohamed A. Baset.
We recommend that you upgrade your wordpress packages.
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | all | wordpress-l10n | <Β 4.1+dfsg-1+deb8u4 | wordpress-l10n_4.1+dfsg-1+deb8u4_all.deb |
Debian | 6 | all | wordpress-l10n | <Β 3.6.1+dfsg-1~deb6u7 | wordpress-l10n_3.6.1+dfsg-1~deb6u7_all.deb |
Debian | 8 | all | wordpress-theme-twentyfifteen | <Β 4.1+dfsg-1+deb8u4 | wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u4_all.deb |
Debian | 8 | all | wordpress-theme-twentythirteen | <Β 4.1+dfsg-1+deb8u4 | wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u4_all.deb |
Debian | 7 | all | wordpress | <Β 3.6.1+dfsg-1~deb7u8 | wordpress_3.6.1+dfsg-1~deb7u8_all.deb |
Debian | 8 | all | wordpress | <Β 4.1+dfsg-1+deb8u4 | wordpress_4.1+dfsg-1+deb8u4_all.deb |
Debian | 6 | all | wordpress | <Β 3.6.1+dfsg-1~deb6u7 | wordpress_3.6.1+dfsg-1~deb6u7_all.deb |
Debian | 8 | all | wordpress-theme-twentyfourteen | <Β 4.1+dfsg-1+deb8u4 | wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u4_all.deb |
Debian | 7 | all | wordpress-l10n | <Β 3.6.1+dfsg-1~deb7u8 | wordpress-l10n_3.6.1+dfsg-1~deb7u8_all.deb |