wordpress -- multiple vulnerabilities

2015-09-1500:00:00

vuxml.freebsd.org

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.126 Low

EPSS

Percentile

95.4%

JSON

Samuel Sidler reports:

WordPress 4.3.1 is now available. This is a security
release for all previous versions and we strongly
encourage you to update your sites immediately.

WordPress versions 4.3 and earlier are vulnerable
to a cross-site scripting vulnerability when processing
shortcode tags (CVE-2015-5714). Reported by Shahar Tal
and Netanel Rubin of Check Point.
A separate cross-site scripting vulnerability was found
in the user list table. Reported by Ben Bidner of the
WordPress security team.
Finally, in certain cases, users without proper
permissions could publish private posts and make
them sticky (CVE-2015-5715). Reported by Shahar Tal
and Netanel Rubin of Check Point.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchwordpress< 4.3.1,1UNKNOWN
FreeBSDanynoarchde-wordpress< 4.3.1UNKNOWN
FreeBSDanynoarchja-wordpress< 4.3.1UNKNOWN
FreeBSDanynoarchru-wordpress< 4.3.1UNKNOWN
FreeBSDanynoarchzh-wordpress-zh_cn< 4.3.1UNKNOWN
FreeBSDanynoarchzh-wordpress-zh_tw< 4.3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	wordpress	< 4.3.1,1	UNKNOWN
FreeBSD	any	noarch	de-wordpress	< 4.3.1	UNKNOWN
FreeBSD	any	noarch	ja-wordpress	< 4.3.1	UNKNOWN
FreeBSD	any	noarch	ru-wordpress	< 4.3.1	UNKNOWN
FreeBSD	any	noarch	zh-wordpress-zh_cn	< 4.3.1	UNKNOWN
FreeBSD	any	noarch	zh-wordpress-zh_tw	< 4.3.1	UNKNOWN