Debian: DSA-5685-1 Critical: WordPress Multiple Security Issues
debian
May 8, 2024
Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized a...
Summary
Several security vulnerabilities have been discovered in Wordpress, a popular
content management framework, which may lead to exposure of sensitive
information to an unauthorized actor in WordPress or allowing unauthenticated
attackers to discern the email addresses of users who have published public
posts on an affected website via an Oracle style attack.
Furthermore this update resolves a possible cross-site-scripting vulnerability,
a PHP File Upload bypass via the plugin installer and a possible remote code
execution vulnerability which requires an attacker to control all the
properties of a deserialized object though.
For the oldstable distribution (bullseye), these problems have been fixed
in version 5.7.11+dfsg1-0+deb11u1.
For the stable distribution (bookworm), these problems have been fixed in
version 6.1.6+dfsg1-0+deb12u1.
We recommend that you upgrade your wordpress packages.
For the detailed security status of wordpress please refer to
its security tracker page at:
https://security-track...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: wordpress
CVE ID: CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-39999
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!