[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3383-1 wordpress -- wordpress

ID: oval:org.secpod.oval:def:602263Date: (C)2015-11-04   (M)2022-09-22
Class: PATCHFamily: unix




Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation. CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags. CVE-2015-5715 A vulnerability has been discovered, allowing users without proper permissions to publish private posts and make them sticky. CVE-2015-5731 An attacker could lock a post that was being edited. CVE-2015-5732 Cross-site scripting in a widget title allows an attacker to steal sensitive information. CVE-2015-5734 Fix some broken links in the legacy theme preview. CVE-2015-7989 A cross-site scripting vulnerability in user list tables.

Platform:
Debian 8.x
Debian 7.x
Product:
wordpress
Reference:
DSA-3383-1
CVE-2015-2213
CVE-2015-5622
CVE-2015-5714
CVE-2015-5715
CVE-2015-5731
CVE-2015-5732
CVE-2015-5734
CVE-2015-7989
CVE    8
CVE-2015-2213
CVE-2015-5731
CVE-2015-5622
CVE-2015-5732
...
CPE    5
cpe:/o:debian:debian_linux:7.x
cpe:/o:debian:debian_linux:8.x
cpe:/o:debian:debian_linux:8.0
cpe:/a:wordpress:wordpress
...

© SecPod Technologies