6 matches found
[SECURITY] [DSA 4401-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4401-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4401-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4401-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 01, 2019 https://www.debian.org/security/faq -...
Debian DLA-1673-1 : wordpress security update
CVE-2018-20147 Authors could modify metadata to bypass intended restrictions on deleting files. CVE-2018-20148 Contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the...
[SECURITY] [DLA 1673-1] wordpress security update
Package : wordpress Version : 4.1.25+dfsg-1+deb8u1 CVE ID : CVE-2018-20147 CVE-2018-20148 CVE-2018-20149 CVE-2018-20150 CVE-2018-20151 CVE-2018-20152 CVE-2018-20153 Debian Bug : 916403 CVE-2018-20147 Authors could modify metadata to bypass intended restrictions on deleting files. CVE-2018-20148...
WordPress Multiple Vulnerabilities (Dec 2018) - Windows
WordPress is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2018-20148
CVE-2018-20148 affects WordPress versions prior to 4.9.9 and 5.x prior to 5.0.1. The issue stems from mishandling of serialized data at phar:// URLs in wp-includes/post.php: wp_get_attachment_thumb_file can mishandle metadata and lead to PHP object injection via crafted wp.getMediaItem XMLRPC cal...