ArchLinux: 201510-24: wordpress: multiple issues
Summary
- CVE-2015-5714 (cross-site scripting)
A cross-site scripting vulnerability has been discovered when processing
shortcode tags.
- CVE-2015-5715 (insufficient permission restriction)
A vulnerability has been discovered, allowing users without proper
permissions to publish private posts and make them sticky.
- CVE-2015-7989 (cross-site scripting)
A cross-site scripting vulnerability has been discovered in the user
list tables.
Resolution
Upgrade to 4.3.1-1.
# pacman -Syu "wordpress>=4.3.1-1"
The problems have been fixed upstream in version 4.3.1.
References
https://access.redhat.com/security/cve/CVE-2015-5714
https://access.redhat.com/security/cve/CVE-2015-5715
https://access.redhat.com/security/cve/CVE-2015-7989
https://wordpress.org/documentation/wordpress-version/version-4-3-1/
https://seclists.org/oss-sec/2015/q4/178
Workaround
None.