FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 14ea4458-e5cd-11e6-b56d-38d547003487
Description: wordpress -- multiple vulnerabilities

Aaron D. Campbell reports:

WordPress versions 4.7.1 and earlier are affected by three security issues:

  • The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
  • WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
  • A cross-site scripting (XSS) vulnerability was discovered in the posts list table.
  • An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.

Discovery: 2017-01-26
Entry: 2017-01-29

Affected packages:

  • wordpress < 4.7.2,1
  • de-wordpress, ja-wordpress, ru-wordpress, zh-wordpress-zh_CN, zh-wordpress-zh_TW < 4.7.2

CVE-2017-5610
CVE-2017-5611
CVE-2017-5612
http://www.openwall.com/lists/oss-security/2017/01/28/5
https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/