Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 601
Alerts This Week
Warning Icon 1 601

Debian: DLA-1673-1 Critical: wordpress Metadata Bypass and XSS

debian lts
Calendar Grey February 12, 2019
Dist Debian Esm H88
Package : wordpress Version : 4.1.25+dfsg-1+deb8u1 CVE ID : CVE-2018-20147 CVE-2018-20148 CVE-2018-2
CVE-2018-20147 Authors could modify metadata to bypass intended restrictions on

Summary

Authors could modify metadata to bypass intended restrictions on
deleting files.

CVE-2018-20148
Contributors could conduct PHP object injection attacks via crafted
metadata in a wp.getMediaItem XMLRPC call. This is caused by
mishandling of serialized data at phar:// URLs in the
wp_get_attachment_thumb_file function in wp-includes/post.php.

CVE-2018-20149

When the Apache HTTP Server is used, authors could upload crafted
files that bypass intended MIME type restrictions, leading to XSS,
as demonstrated by a .jpg file without JPEG data.

CVE-2018-20150

Crafted URLs could trigger XSS for certain use cases involving
plugins.

CVE-2018-20151

The user-activation page could be read by a search engine's web
crawler if an unusual configuration were chosen. The search engine
could then index and display a user's e-mail address and (rarely)
the password that was generated by default.

CVE-2018-20152

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: wordpress
Version: 4.1.25+dfsg-1+deb8u1
CVE ID: CVE-2018-20147 CVE-2018-20148 CVE-2018-20149
Debian Bug: 916403

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.