5 matches found
Debian DSA-4193-1 : wordpress - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects. More information can be found in the upstream advisory at...
Debian: Security Advisory (DLA-1366-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 1366-1] wordpress security update
Package: wordpress; Version: 3.6.1+dfsg-1deb7u21; CVE ID: CVE-2018-10100 CVE-2018-10102; Debian Bug: 895034. Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2018-10100 The redirection URL...
CVE-2018-10100
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...
CVE-2018-10100
CVE-2018-10100 affects WordPress, with the login redirect URL not validated/sanitized when HTTPS is forced (pre-4.9.5). Related issues include CVE-2018-10102, where the generator tag’s version string could enable XSS via unsanitized output. Debian and Debian-LTS advisories (DSA-4193-1, DLA-1366-1...