FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c04dc18f-fcde-11e7-bdf6-00e04c1ea73d	wordpress -- multiple issues wordpress developers reports: JavaScript errors that prevented saving posts in Firefox have been fixed. The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored. Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map. Discovery 2018-01-16 Entry 2018-01-19 wordpress fr-wordpress < 4.9.2,1 de-wordpress ja-wordpress ru-wordpress zh-wordpress-zh_CN zh-wordpress-zh_TW < 4.9.2 https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
a2589511-d6ba-11e7-88dd-00e04c1ea73d	wordpress -- multiple issues wordpress developers reports: Use a properly generated hash for the newbloguser key instead of a determinate substring. Add escaping to the language attributes used on html elements. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability. Discovery 2017-11-29 Entry 2017-12-01 wordpress fr-wordpress < 4.9.1,1 de-wordpress ja-wordpress ru-wordpress zh-wordpress-zh_CN zh-wordpress-zh_TW < 4.9.1 https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
a5bb7ea0-3e58-11e7-94a2-00e04c1ea73d	Wordpress -- multiple vulnerabilities WordPress versions 4.7.4 and earlier are affected by six security issues Insufficient redirect validation in the HTTP class. Improper handling of post meta data values in the XML-RPC API. Lack of capability checks for post meta data in the XML-RPC API. A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Discovery 2017-05-16 Entry 2017-05-21 wordpress fr-wordpress < 4.7.5,1 de-wordpress ja-wordpress ru-wordpress zh-wordpress-zh_CN zh-wordpress-zh_TW < 4.7.5 https://wordpress.org/news/2017/05/wordpress-4-7-5/

VuXML ID

Description

c04dc18f-fcde-11e7-bdf6-00e04c1ea73d

wordpress -- multiple issues

wordpress developers reports:

JavaScript errors that prevented saving posts in Firefox have been fixed.

The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.

Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.

Discovery 2018-01-16
Entry 2018-01-19
wordpress
fr-wordpress

< 4.9.2,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW

< 4.9.2

https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/

a2589511-d6ba-11e7-88dd-00e04c1ea73d

wordpress -- multiple issues

wordpress developers reports:

Use a properly generated hash for the newbloguser key instead of a determinate substring.

Add escaping to the language attributes used on html elements.

Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.

Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Discovery 2017-11-29
Entry 2017-12-01
wordpress
fr-wordpress

< 4.9.1,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW

< 4.9.1

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/

a5bb7ea0-3e58-11e7-94a2-00e04c1ea73d

Wordpress -- multiple vulnerabilities

WordPress versions 4.7.4 and earlier are affected by six security issues

Insufficient redirect validation in the HTTP class.

Improper handling of post meta data values in the XML-RPC API.

Lack of capability checks for post meta data in the XML-RPC API.

A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.

A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

Discovery 2017-05-16
Entry 2017-05-21
wordpress
fr-wordpress

< 4.7.5,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW

< 4.7.5

https://wordpress.org/news/2017/05/wordpress-4-7-5/