FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362910
Date:      2014-07-25
Time:      14:12:54Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
049332d2-f6e1-11e2-82f3-000c29ee3065wordpress -- multiple vulnerabilities

The wordpress development team reports:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site
  • Disallow contributors from improperly publishing posts
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities
  • Prevention of a denial of service attack, affecting sites using password-protected posts
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability
  • Multiple fixes for cross-site scripting
  • Avoid disclosing a full file path when a upload fails

Discovery 2013-06-21
Entry 2013-07-27
Modified 2014-04-30
wordpress
lt 3.5.2,1

zh-wordpress-zh_CN
lt 3.5.2

zh-wordpress-zh_TW
lt 3.5.2

de-wordpress
lt 3.5.2

ja-wordpress
lt 3.5.2

ru-wordpress
lt 3.5.2

CVE-2013-2199
CVE-2013-2200
CVE-2013-2201
CVE-2013-2202
CVE-2013-2203
CVE-2013-2204
CVE-2013-2205
https://wordpress.org/news/2013/06/wordpress-3-5-2/
043d3a78-f245-4938-9bc7-3d0d35dd94bfwordpress -- multiple vulnerabilities

The wordpress development team reports:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

Additionally, we've adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.


Discovery 2013-09-11
Entry 2013-10-19
Modified 2014-04-30
zh-wordpress-zh_CN
lt 3.6.1

zh-wordpress-zh_TW
lt 3.6.1

de-wordpress
lt 3.6.1

ja-wordpress
lt 3.6.1

ru-wordpress
lt 3.6.1

wordpress
lt 3.6.1

CVE-2013-4338
CVE-2013-4339
CVE-2013-4340
CVE-2013-5738
CVE-2013-5739
http://wordpress.org/news/2013/09/wordpress-3-6-1/