ArchLinux: 201703-14: wordpress: multiple issues
Summary
- CVE-2017-6814 (cross-site scripting)
An authenticated cross-site scripting (XSS) vulnerability has been
discovered in WordPress before 4.7.3 via Media File Metadata. This is
demonstrated by both (1) mishandling of the playlist shortcode in the
wp_playlist_shortcode function in wp-includes/media.php and (2)
mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.
- CVE-2017-6815 (insufficient validation)
A vulnerability has been discovered in WordPress before 4.7.3 (wp-includes/pluggable.php) that certain control characters can trick
redirect URL validation.
- CVE-2017-6816 (insufficient validation)
It has been discovered that unintended files can be deleted by
administrators in WordPress before 4.7.3 (wp-admin/plugins.php) using
the plugin deletion functionality.
- CVE-2017-6817 (cross-site scripting)
An authenticated cross-site scripting (XSS) vulnerability has been
discovered in in WordPress before 4.7.3 (wp-includes/embed.php) via
YouTube URL Embeds.
- CVE-2017-6818 (cross-site scripting)
A cross-site scripting (XSS) vulnerability has been discovered in
WordPress before 4.7.3 (wp-admin/js/tags-box.js) via taxonomy term
names.
- CVE-2017-6819 (cross-site request forgery)
A cross-site request forgery (CSRF) vulnerability exists on the Press
This page of WordPress. This issue can be used to create a Denial of
Service (DoS) condition if an authenticated administrator visits a
malicious URL.
Resolution
Upgrade to 4.7.3-1.
# pacman -Syu "wordpress>=4.7.3-1"
The problems have been fixed upstream in version 4.7.3.
References
https://wordpress.org/documentation/wordpress-version/version-4-7-3/ https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7 https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663 https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8 https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9 https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829 https://security.archlinux.org/CVE-2017-6814 https://security.archlinux.org/CVE-2017-6815 https://security.archlinux.org/CVE-2017-6816 https://security.archlinux.org/CVE-2017-6817 https://security.archlinux.org/CVE-2017-6818 https://security.archlinux.org/CVE-2017-6819
Workaround
None.