FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7b97b32e-27c4-11ea-9673-4c72b94353b5	wordpress -- multiple issues wordpress developers reports: Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so youll want to upgrade. If you havent yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues. -Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API. -Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links. -Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute. -Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content. Discovery 2019-12-13 Entry 2019-12-26 wordpress fr-wordpress < 5.3.1,1 de-wordpress zh_CN-wordpress zh_TW-wordpress ja-wordpress ru-wordpress < 5.3.1 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/

VuXML ID

Description

7b97b32e-27c4-11ea-9673-4c72b94353b5

wordpress -- multiple issues

wordpress developers reports:

Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so youll want to upgrade. If you havent yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues. -Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API. -Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links. -Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute. -Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

Discovery 2019-12-13
Entry 2019-12-26
wordpress
fr-wordpress

< 5.3.1,1

de-wordpress
zh_CN-wordpress
zh_TW-wordpress
ja-wordpress
ru-wordpress

< 5.3.1

https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/