4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
77.9%
The wordpress development team reports:
Blocking server-side request forgery attacks, which could
potentially enable an attacker to gain access to a site
Disallow contributors from improperly publishing posts
An update to the SWFUpload external library to fix cross-site
scripting vulnerabilities
Prevention of a denial of service attack, affecting sites
using password-protected posts
An update to an external TinyMCE library to fix a cross-site
scripting vulnerability
Multiple fixes for cross-site scripting
Avoid disclosing a full file path when a upload fails
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | wordpress | < 3.5.2,1 | UNKNOWN |
FreeBSD | any | noarch | zh-wordpress-zh_cn | < 3.5.2 | UNKNOWN |
FreeBSD | any | noarch | zh-wordpress-zh_tw | < 3.5.2 | UNKNOWN |
FreeBSD | any | noarch | de-wordpress | < 3.5.2 | UNKNOWN |
FreeBSD | any | noarch | ja-wordpress | < 3.5.2 | UNKNOWN |
FreeBSD | any | noarch | ru-wordpress | < 3.5.2 | UNKNOWN |