FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
505904d3-ea95-11e4-beaf-bcaec565249c	wordpress -- multiple vulnerabilities Gary Pendergast reports: WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team. We also fixed three other security issues: In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec. In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek. Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team. We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen. Discovery 2015-04-21 Entry 2015-04-24 Modified 2015-04-24 wordpress < 4.1.2 de-wordpress < 4.1.2 ja-wordpress < 4.1.2 ru-wordpress < 4.1.2 zh-wordpress-zh_CN < 4.1.2 zh-wordpress-zh_TW < 4.1.2 https://wordpress.org/news/2015/04/wordpress-4-1-2/

VuXML ID

Description

505904d3-ea95-11e4-beaf-bcaec565249c

wordpress -- multiple vulnerabilities

Gary Pendergast reports:

WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.

We also fixed three other security issues:

In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.

In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.

Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.

We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen.

Discovery 2015-04-21
Entry 2015-04-24
Modified 2015-04-24
wordpress

< 4.1.2

de-wordpress

< 4.1.2

ja-wordpress

< 4.1.2

ru-wordpress

< 4.1.2

zh-wordpress-zh_CN

< 4.1.2

zh-wordpress-zh_TW

< 4.1.2

https://wordpress.org/news/2015/04/wordpress-4-1-2/