Fedora 21: 2015-15982 Critical: WordPress XSS And Permissions Issues

fedora
September 25, 2015
WordPress 4.3.1 fixes two cross-site scripting vulnerabilities and a user permissions issue; the updated package is now available for Fedora 21.

Summary

Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora

Update Information:

**WordPress 4.3.1 Security and Maintenance Release** [Upstream announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/)

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

* WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
* A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
* Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, ...

Change Log

References


[ 1 ] Bug #1263657 - CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1 https://bugzilla.redhat.com/show_bug.cgi?id=1263657

Update Instructions

This update can be installed with the "yum" update program. Use `su -c 'yum update wordpress'` at the command line. For more information, refer to "Managing Software with yum", available at .
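To confirm the result after updating, including any copies of WordPress installed outside the package, the following added example (not part of the Fedora advisory) reads `$wp_version` from `wp-includes/version.php` and compares it with 4.3.1. The function names and the `/usr/share/wordpress` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report whether a WordPress tree is at or above the fixed release.
# Usage: sh check_wp.sh /usr/share/wordpress /var/www/html/blog
#   (/usr/share/wordpress is an assumed location for the packaged copy)

# Assumption: only the 4.3.1 threshold named in the advisory is checked;
# fixes shipped on other release branches are not modelled.
FIXED_VERSION="4.3.1"

# Print the value assigned to $wp_version in <root>/wp-includes/version.php.
# Returns non-zero if the file is missing or holds no version assignment.
wp_version_of() {
    local file ver
    file="$1/wp-includes/version.php"
    [ -r "$file" ] || return 1
    ver=$(sed -n 's/^[[:space:]]*\$wp_version[[:space:]]*=[[:space:]]*.\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$file" | head -n 1)
    [ -n "$ver" ] && printf '%s\n' "$ver"
}

# True when version $1 >= version $2 (GNU sort -V ordering, so 4.10 > 4.3.1).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print "patched <ver>", "vulnerable <ver>" or "unknown" for one tree.
# Exit status: 0 patched, 1 vulnerable, 2 version could not be read.
check_wordpress() {
    local ver
    if ! ver=$(wp_version_of "$1"); then
        echo "unknown"
        return 2
    fi
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo "patched $ver"
    else
        echo "vulnerable $ver"
        return 1
    fi
}

# Check every directory given on the command line.
for root in "$@"; do
    printf '%s: %s\n' "$root" "$(check_wordpress "$root" || true)"
done
```

Running it against every web root on the host catches manually unpacked copies that `yum update wordpress` does not touch.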

Severity
critical

Name: wordpress
Product: Fedora 21
Version: 4.3.1
Release: 1.fc21
Summary: Blog tool and publishing platform
