wordpress -- multiple vulnerabilities

2013-09-11T00:00:00
ID 043D3A78-F245-4938-9BC7-3D0D35DD94BF
Type freebsd
Reporter FreeBSD
Modified 2014-04-30T00:00:00

Description

The WordPress development team reports:

Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. Fix insufficient input validation that could result in redirecting or leading a user to another website.

Additionally, we've adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.