ArchLinux: 201508-2: wordpress: multiple issues
Summary
- CVE-2015-2213:
SQL injection in comments ID.
- CVE-2015-5730:
Timing attack in widgets.
- CVE-2015-5731:
Denial of service by locking a post from being edited.
- CVE-2015-5732, CVE-2015-5733, CVE-2015-5734:
XSS.
Resolution
Upgrade to 4.2.4-1.
# pacman -Syu "wordpress>=4.2.4-1"
The problem has been fixed upstream in version 4.2.4.
References
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/
https://wordpress.org/documentation/wordpress-version/version-4-2-4/
https://access.redhat.com/security/cve/CVE-2015-2213
https://access.redhat.com/security/cve/CVE-2015-5730
https://access.redhat.com/security/cve/CVE-2015-5731
https://access.redhat.com/security/cve/CVE-2015-5732
https://access.redhat.com/security/cve/CVE-2015-5733
https://access.redhat.com/security/cve/CVE-2015-5734
Workaround
None.