Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201510-24 ========================================= Severity: Medium Date : 2015-10-30 CVE-ID : 2015-5714 2015-5715 CVE-2015-7989 Package : wordpress Type : multiple issues Remote : Yes Link : Summary ====== The package wordpress before version 4.3.1-1 is vulnerable to cross-side scripting and insufficient permission restriction. Resolution ========= Upgrade to 4.3.1-1. # pacman -Syu "wordpress>=4.3.1-1" The problems have been fixed upstream in version 4.3.1. Workaround ========= None. Description ========== - CVE-2015-5714 (cross-side scripting) A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 (insufficient permission restriction) A vulnerability has been discovered, allowing users without proper permissions to publish private posts and make them sticky. - CVE-2015-7989 (cross-side scripting) A cross-site scripting vulnerability has been discovered in the user list tables. Impact ===== A remote attacker is able do perform cross-side scripting attacks or publish private posts and make them sticky. References ========= https://access.redhat.com/security/cve/CVE-2015-5714 https://access.redhat.com/security/cve/CVE-2015-5715 https://access.redhat.com/security/cve/CVE-2015-7989 https://wordpress.org/documentation/wordpress-version/version-4-3-1/ https://seclists.org/oss-sec/2015/q4/178