The wordpress development team reports:
Block unsafe PHP unserialization that could occur in limited
situations and setups, which can lead to remote code
execution.
Prevent a user with an Author role, using a specially crafted
request, from being able to create a post “written by” another
user.
Fix insufficient input validation that could result in
redirecting or leading a user to another website.
Additionally, we’ve adjusted security restrictions around file
uploads to mitigate the potential for cross-site scripting.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | zh-wordpress-zh_cn | < 3.6.1 | UNKNOWN |
FreeBSD | any | noarch | zh-wordpress-zh_tw | < 3.6.1 | UNKNOWN |
FreeBSD | any | noarch | de-wordpress | < 3.6.1 | UNKNOWN |
FreeBSD | any | noarch | ja-wordpress | < 3.6.1 | UNKNOWN |
FreeBSD | any | noarch | ru-wordpress | < 3.6.1 | UNKNOWN |
FreeBSD | any | noarch | wordpress | < 3.6.1 | UNKNOWN |