FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362844
Date:      2014-07-24
Time:      20:12:51Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
559e00b7-6a4d-11e2-b6b0-10bf48230856wordpress -- multiple vulnerabilities

Wordpress reports:

WordPress 3.5.1 also addresses the following security issues:

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We'd like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
  • Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
  • A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

Discovery 2013-01-24
Entry 2013-01-29
Modified 2014-04-30
wordpress
lt 3.5.1,1

zh-wordpress-zh_CN
lt 3.5.1

zh-wordpress-zh_TW
lt 3.5.1

de-wordpress
lt 3.5.1

ja-wordpress
lt 3.5.1

ru-wordpress
lt 3.5.1

CVE-2013-0235
CVE-2013-0236
CVE-2013-0237
049332d2-f6e1-11e2-82f3-000c29ee3065wordpress -- multiple vulnerabilities

The wordpress development team reports:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site
  • Disallow contributors from improperly publishing posts
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities
  • Prevention of a denial of service attack, affecting sites using password-protected posts
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability
  • Multiple fixes for cross-site scripting
  • Avoid disclosing a full file path when a upload fails

Discovery 2013-06-21
Entry 2013-07-27
Modified 2014-04-30
wordpress
lt 3.5.2,1

zh-wordpress-zh_CN
lt 3.5.2

zh-wordpress-zh_TW
lt 3.5.2

de-wordpress
lt 3.5.2

ja-wordpress
lt 3.5.2

ru-wordpress
lt 3.5.2

CVE-2013-2199
CVE-2013-2200
CVE-2013-2201
CVE-2013-2202
CVE-2013-2203
CVE-2013-2204
CVE-2013-2205
https://wordpress.org/news/2013/06/wordpress-3-5-2/
043d3a78-f245-4938-9bc7-3d0d35dd94bfwordpress -- multiple vulnerabilities

The wordpress development team reports:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

Additionally, we've adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.


Discovery 2013-09-11
Entry 2013-10-19
Modified 2014-04-30
zh-wordpress-zh_CN
lt 3.6.1

zh-wordpress-zh_TW
lt 3.6.1

de-wordpress
lt 3.6.1

ja-wordpress
lt 3.6.1

ru-wordpress
lt 3.6.1

wordpress
lt 3.6.1

CVE-2013-4338
CVE-2013-4339
CVE-2013-4340
CVE-2013-5738
CVE-2013-5739
http://wordpress.org/news/2013/09/wordpress-3-6-1/