DSA-3328-1 wordpress -- wordpress | ID: oval:org.secpod.oval:def:602189 | Date: (C)2015-08-28 (M)2021-11-08 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in WordPress, the popular blogging engine.

CVE-2015-3429: The file example.html in the Genericicons icon font package and the twentyfifteen WordPress theme allowed for cross-site scripting.

CVE-2015-5622: The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation.

CVE-2015-5623: A cross-site scripting vulnerability allowed users with the Contributor or Author role to elevate their privileges.

The oldstable distribution is only affected by CVE-2015-5622. This less critical issue will be fixed at a later time.