PT-2025-23737 · WordPress · Campus Directory – Faculty
Name of the Vulnerable Software and Affected Versions: Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress versions up to, and including, 1.9.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's emd mb meta shortcode due to insufficient input...
PT-2024-37425 · WordPress · Wanotifier
Name of the Vulnerable Software and Affected Versions: WANotifier WordPress plugin versions prior to 2.6.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example in...
PT-2023-16384 · WordPress · All In One Seo Pack
Name of the Vulnerable Software and Affected Versions: All in One SEO Pack plugin for WordPress versions up to, and including, 4.2.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers with...
DSA-5279-2 wordpress - security update
Bulletin has no description...
WordPress fixes multiple security vulnerabilities
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. The WordPress development team has released a security update to patch the following four vulnerabilities, three of which have high severity. CVE-2022-21661: A vulnerability exists in the WP_Query class which is caused...
DLA-2731-1 wordpress - security update
Bulletin has no description...
DSA-4709-1 wordpress - security update
Bulletin has no description...
Fedora 30 : wordpress (2019-709c48a989)
WordPress 5.2.4 Security Release WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Security Updates - Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. - Props to J.D. Grimes who...
Debian DLA-1960-1 : wordpress security update
Several cross-site scripting (XSS) vulnerabilities were discovered in WordPress, a popular content management framework. An attacker can use these flaws to send malicious scripts to an unsuspecting user. For Debian 8 'Jessie', these problems have been fixed in version 4.1.27+dfsg-0+deb8u1. We...
Fedora 28 : wordpress (2018-2ef9089e89)
WordPress 4.9.5 Security and Maintenance Release WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.4 and earlier are affected by three security issue...
DLA-1096-1 wordpress-shibboleth - security update
Bulletin has no description...
Fedora 26 : wordpress (2017-fe7c3c9c30)
WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues : - Insufficient redirect validation in the HTTP class. Reported by Ronni...
DSA-3870-1 wordpress - security update
Bulletin has no description...
Fedora 23 : wordpress-4.4.1-1.fc23 (2016-21f5261525)
WordPress 4.4.1 Security and Maintenance Release WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L. There were also several non-security bug fixes: Emoji support has been updated to includ...
Debian DLA-418-1 : wordpress security update
WordPress versions 4.4.1 and earlier are affected by two security issues: a possible Side Request Forgery Vulnerability for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar. CVE-2016-2221 WordPress could be vulnerable for an open...
Fedora 21 : wordpress-4.2.4-1.fc21 (2015-12148)
WordPress 4.2.4 Security and Maintenance Release WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a...
MGASA-2014-0328 Updated wordpress packages fix security vulnerabilities
Multiple vulnerabilities in WordPress before 3.9.2, including denial of service and information disclosure issues related to XML entity expansion. The wordpress package has been updated to version 3.9.2 to fix these issues. See the release announcement for more details...
MGASA-2013-0285 Updated wordpress and php-phpmailer packages fix security vulnerabilities
wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations CVE-2013-4338. WordPress before 3.6.1 does not properly validate URLs before...
Fedora 18 : wordpress-3.5.2-1.fc18 (2013-11630)
WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also...
Fedora 17 : wordpress-3.5.1-1.fc17 (2013-1692)
WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include : - Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. - Media: F...