Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201508-2 ======================================== Severity: High Date : 2015-08-07 CVE-ID : CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734 Package : wordpress Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package wordpress before version 4.2.4-1 is vulnerable to multiple issues, including XSS and SQL injection. Resolution ========= Upgrade to 4.2.4-1>. # pacman -Syu "wordpress>=4.2.4-1" The problem has been fixed upstream in version 4.2.4. Workaround ========= None. Description ========== - CVE-2015-2213: SQL injection in comments ID. - CVE-2015-5730: Timing attack in widgets. - CVE-2015-5731: Denial of service by locking a post from being edited. - CVE-2015-5732, CVE-2015-5733 CVE-2015-5734: XSS. Impact ===== A remote attacker could lock a post from being edited, or compromise a site running wordpress. References ========= https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ https://wordpress.org/documentation/wordpress-version/version-4-2-4/ https://access.redhat.com/security/cve/CVE-2015-2213 https://access.redhat.com/security/cve/CVE-2015-5730 https://access.redhat.com/security/cve/CVE-2015-5731 https://access.redhat.com/security/cve/CVE-2015-5732 https://access.redhat.com/security/cve/CVE-2015-5733 https://access.redhat.com/security/cve/CVE-2015-5734