Arch Linux: 201601-2 Medium: Wordpress Cross-Site Scripting Threat
Jan 09, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package wordpress before version 4.4.1-1 is vulnerable to cross-side scripting.
Arch Linux Security Advisory ASA-201601-2 ======================================== Severity: Medium Date : 2016-01-09 CVE-ID : CVE-2016-1564 Package : wordpress Type : cross-side scripting Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package wordpress before version 4.4.1-1 is vulnerable to cross-side scripting. Resolution ========= Upgrade to 4.4.1-1. # pacman -Syu "wordpress>=4.4.1-1" The problem has been fixed upstream in version 4.4.1. Workaround ========= None. Description ========== A cross-site scripting vulnerability has been discovered that could allow a site to be compromised. Impact ===== A remote attacker is able to inject unescaped HTML and javascript leading to cross-side scripting that could result in a site to be compromised. References ========= https://access.redhat.com/security/cve/CVE-2016-1564 https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/ https://core.trac.wordpress.org/changeset/36185
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!