FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
043d3a78-f245-4938-9bc7-3d0d35dd94bfwordpress -- multiple vulnerabilities

The wordpress development team reports:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

Additionally, we've adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.


Discovery 2013-09-11
Entry 2013-10-19
Modified 2014-04-30
zh-wordpress-zh_CN
< 3.6.1

zh-wordpress-zh_TW
< 3.6.1

de-wordpress
< 3.6.1

ja-wordpress
< 3.6.1

ru-wordpress
< 3.6.1

wordpress
< 3.6.1

CVE-2013-4338
CVE-2013-4339
CVE-2013-4340
CVE-2013-5738
CVE-2013-5739
http://wordpress.org/news/2013/09/wordpress-3-6-1/
049332d2-f6e1-11e2-82f3-000c29ee3065wordpress -- multiple vulnerabilities

The wordpress development team reports:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site
  • Disallow contributors from improperly publishing posts
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities
  • Prevention of a denial of service attack, affecting sites using password-protected posts
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability
  • Multiple fixes for cross-site scripting
  • Avoid disclosing a full file path when a upload fails

Discovery 2013-06-21
Entry 2013-07-27
Modified 2014-04-30
wordpress
< 3.5.2,1

zh-wordpress-zh_CN
< 3.5.2

zh-wordpress-zh_TW
< 3.5.2

de-wordpress
< 3.5.2

ja-wordpress
< 3.5.2

ru-wordpress
< 3.5.2

CVE-2013-2199
CVE-2013-2200
CVE-2013-2201
CVE-2013-2202
CVE-2013-2203
CVE-2013-2204
CVE-2013-2205
https://wordpress.org/news/2013/06/wordpress-3-5-2/
0640198a-d117-11de-b667-0030843d3802wordpress -- multiple vulnerabilities

secunia reports:

The security issue is caused due to the wp_check_filetype() function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions.

Successful exploitation of this vulnerability requires that Apache is not configured to handle the mime-type for media files with an e.g. "gif", "jpg", "png", "tif", "wmv" extension.

Input passed via certain parameters to press-this.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.


Discovery 2009-11-12
Entry 2009-11-14
Modified 2010-05-02
wordpress
< 2.8.6,1

de-wordpress
< 2.8.6

CVE-2009-3890
CVE-2009-3891
http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/
http://secunia.com/advisories/37332/
0838733d-1698-11dc-a197-0011098b2f36wordpress -- XMLRPC SQL Injection

Secunia reports:

Slappter has discovered a vulnerability in WordPress, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "wp.suggestCategories" method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving usernames and password hashes, but requires valid user credentials and knowledge of the database table prefix.


Discovery 2007-06-06
Entry 2007-06-09
Modified 2007-06-24
wordpress
de-wordpress
zh-wordpress
< 2.2.1

24344
http://secunia.com/advisories/25552/
11325357-1d3c-11eb-ab74-4c72b94353b5wordpress -- multiple issues

wordpress developers reports:

Ten security issues affect WordPress versions 5.5.1 and earlier. If you havent yet updated to 5.5, all WordPress versions since 3.7 have also been updated to fix the following security issues: -Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests. -Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network. -Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables. -Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC. -Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE. -Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs. -Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.


Discovery 2020-10-29
Entry 2020-11-02
wordpress
fr-wordpress
< 5.5.2,1

de-wordpress
zh_CN-wordpress
zh_TW-wordpress
ja-wordpress
ru-wordpress
< 5.5.2

https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
12b7b4cf-1d53-11d9-814e-0001020eed82wordpress -- XSS in administration panel

Pages in the administration panel of Wordpress are vulnerable for XSS attacks.


Discovery 2004-09-27
Entry 2004-10-13
wordpress
< 1.2.1

http://wordpress.org/development/2004/10/wp-121/
http://marc.theaimsgroup.com/?l=bugtraq&m=109641484723194
14ea4458-e5cd-11e6-b56d-38d547003487wordpress -- multiple vulnerabilities

Aaron D. Campbell reports:

WordPress versions 4.7.1 and earlier are affected by three security issues:

  • The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
  • WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
  • A cross-site scripting (XSS) vulnerability was discovered in the posts list table.
  • An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.

Discovery 2017-01-26
Entry 2017-01-29
wordpress
< 4.7.2,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.7.2

CVE-2017-5610
CVE-2017-5611
CVE-2017-5612
http://www.openwall.com/lists/oss-security/2017/01/28/5
https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
15ee0e93-4bbb-11e9-9ba0-4c72b94353b5wordpress -- multiple issues

wordpress developers reports:

Hosts can now offer a button for their users to update PHP.

The recommended PHP version used by the Update PHP notice can now be filtered.


Discovery 2019-03-12
Entry 2019-03-21
wordpress
fr-wordpress
< 5.1.1,1

de-wordpress
zh_CN-wordpress
zh_TW-wordpress
ja-wordpress
ru-wordpress
< 5.1.1

https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
2430e9c3-8741-11de-938e-003048590f9ewordpress -- remote admin password reset vulnerability

WordPress reports:

A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.


Discovery 2009-08-10
Entry 2009-08-12
Modified 2010-05-02
wordpress
< 2.8.4,1

de-wordpress
< 2.8.4

wordpress-mu
< 2.8.4a

CVE-2009-2762
http://wordpress.org/development/2009/08/2-8-4-security-release/
http://www.milw0rm.com/exploits/9410
30149157-f926-11e1-95cd-001fd0af1a4cwordpress -- multiple unspecified privilege escalation bugs

Wordpress reports:

Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.


Discovery 2012-09-06
Entry 2012-09-07
wordpress
< 3.4.2

http://wordpress.org/news/2012/09/wordpress-3-4-2/
3686917b-164d-11e6-94fa-002590263bf5wordpress -- multiple vulnerabilities

Helen Hou-Sandi reports:

WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.


Discovery 2016-05-06
Entry 2016-05-10
wordpress
< 4.5.2,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.5.2

CVE-2016-4566
CVE-2016-4567
https://wordpress.org/news/2016/05/wordpress-4-5-2/
http://www.openwall.com/lists/oss-security/2016/05/07/7
3a4a3e9c-a1fe-11dd-81be-001c2514716cwordpress -- snoopy "_httpsrequest()" shell command execution vulnerability

The Wordpress development team reports:

A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately.


Discovery 2008-10-23
Entry 2008-10-24
wordpress
de-wordpress
wordpress-mu
< 2.6.3

31887
http://secunia.com/Advisories/32361/
http://wordpress.org/development/2008/10/wordpress-263/
459df1ba-051c-11ea-9673-4c72b94353b5wordpress -- multiple issues

wordpress developers reports:

Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.

rops to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.

Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.

rops to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.

Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.

Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.


Discovery 2019-10-14
Entry 2019-11-12
wordpress
fr-wordpress
< 5.2.4,1

de-wordpress
zh_CN-wordpress
zh_TW-wordpress
ja-wordpress
ru-wordpress
< 5.2.4

https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
4740174c-82bb-11e8-a29a-00e04c1ea73dwordpress -- multiple issues

wordpressdevelopers reports:

Taxonomy: Improve cache handling for term queries.

Posts, Post Types: Clear post password cookie when logging out.

Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.

Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.

Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.


Discovery 2018-07-05
Entry 2018-07-08
wordpress
fr-wordpress
< 4.9.7,1

de-wordpress
zh_CN-wordpress
zh_TW-wordpress
ja-wordpress
ru-wordpress
< 4.9.7

https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
4b98613c-0078-11e9-b05b-00e04c1ea73dwordpress -- multiple issues

wordpress developers reports:

WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0.

Karim El Ouerghemmi discovered that authors could alter meta data to delete files that they weren’t authorized to.

Simon Scannell of RIPS Technologies discovered that authors could create posts of unauthorized post types with specially crafted input.

Sam Thomas discovered that contributors could craft meta data in a way that resulted in PHP object injection.

Tim Coen discovered that contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.

Tim Coen also discovered that specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations.

Team Yoast discovered that the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.

Tim Coen and Slavco discovered that authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.


Discovery 2018-12-13
Entry 2018-12-15
wordpress
fr-wordpress
< 5.0.1,1

de-wordpress
zh_CN-wordpress
zh_TW-wordpress
ja-wordpress
ru-wordpress
< 5.0.1

https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
505904d3-ea95-11e4-beaf-bcaec565249cwordpress -- multiple vulnerabilities

Gary Pendergast reports:

WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.

We also fixed three other security issues:

  • In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
  • In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
  • Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.

We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen.


Discovery 2015-04-21
Entry 2015-04-24
Modified 2015-04-24
wordpress
< 4.1.2

de-wordpress
< 4.1.2

ja-wordpress
< 4.1.2

ru-wordpress
< 4.1.2

zh-wordpress-zh_CN
< 4.1.2

zh-wordpress-zh_TW
< 4.1.2

https://wordpress.org/news/2015/04/wordpress-4-1-2/
54e50cd9-c1a8-11e6-ae1b-002590263bf5wordpress -- multiple vulnerabilities

Jeremy Felt reports:

WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.


Discovery 2016-09-07
Entry 2016-12-14
wordpress
< 4.6.1,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.6.1

https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
559e00b7-6a4d-11e2-b6b0-10bf48230856wordpress -- multiple vulnerabilities

Wordpress reports:

WordPress 3.5.1 also addresses the following security issues:

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We'd like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
  • Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
  • A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

Discovery 2013-01-24
Entry 2013-01-29
Modified 2014-04-30
wordpress
< 3.5.1,1

zh-wordpress-zh_CN
< 3.5.1

zh-wordpress-zh_TW
< 3.5.1

de-wordpress
< 3.5.1

ja-wordpress
< 3.5.1

ru-wordpress
< 3.5.1

CVE-2013-0235
CVE-2013-0236
CVE-2013-0237
5df757ef-a564-11ec-85fa-a0369f7f7be0wordpress -- multiple issues

wordpress developers reports:

This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. The security team would like to thank the following people for responsively reporting vulnerabilities, allowing them to be fixed in this release: -Melar Dev, for finding a Prototype Pollution Vulnerability in a jQuery dependency -Ben Bidner of the WordPress security team, for finding a Stored Cross Site Scripting Vulnerability -Researchers from Johns Hopkins University, for finding a Prototype Pollution Vulnerability in the block editor


Discovery 2022-03-11
Entry 2022-03-16
wordpress
fr-wordpress
< 5.9.2,1

de-wordpress
zh_CN-wordpress
th_TW-wordpress
ja-wordpress
ru-wordpress
< 5.9.2

https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
5e135178-8aeb-11e4-801f-0022156e8794wordpress -- multiple vulnerabilities

MITRE reports:

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.

Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.


Discovery 2014-11-25
Entry 2015-01-05
wordpress
< 3.7.5,1

ge 3.8,1 lt 3.8.5,1

ge 3.9,1 lt 3.9.3,1

ge 4.0,1 lt 4.0.1,1

zh-wordpress
< 3.7.5

ge 3.8 lt 3.8.5

ge 3.9 lt 3.9.3

ge 4.0 lt 4.0.1

de-wordpress
< 3.7.5

ge 3.8 lt 3.8.5

ge 3.9 lt 3.9.3

ge 4.0 lt 4.0.1

ja-wordpress
< 3.7.5

ge 3.8 lt 3.8.5

ge 3.9 lt 3.9.3

ge 4.0 lt 4.0.1

ru-wordpress
< 3.7.5

ge 3.8 lt 3.8.5

ge 3.9 lt 3.9.3

ge 4.0 lt 4.0.1

CVE-2014-9033
CVE-2014-9034
CVE-2014-9035
CVE-2014-9036
CVE-2014-9037
CVE-2014-9038
CVE-2014-9039
622bc638-be27-11dd-a578-0030843d3802wordpress -- header rss feed script insertion vulnerability

Secunia reports:

Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed.


Discovery 2008-11-26
Entry 2008-11-29
Modified 2010-05-02
wordpress
de-wordpress
wordpress-mu
< 2.6.5

zh-wordpress
gt 0

CVE-2008-5278
http://secunia.com/advisories/32882/
http://wordpress.org/development/2008/11/wordpress-265/
63347ee7-6841-11dc-82b6-02e0185f8d72wordpress -- remote sql injection vulnerability

Alexander Concha reports:

While testing WordPress, it has been discovered a SQL Injection vulnerability that allows an attacker to retrieve remotely any user credentials from a vulnerable site, this bug is caused because of early database escaping and the lack of validation in query string like parameters.


Discovery 2007-09-10
Entry 2007-09-21
wordpress
< 2.2.3,1

de-wordpress
zh-wordpress
< 2.2.3

wordpress-mu
< 1.2.4,2

CVE-2007-4894
http://www.buayacorp.com/files/wordpress/wordpress-sql-injection-advisory.html
6a31cbe3-1695-11dc-a197-0011098b2f36wordpress -- unmoderated comments disclosure

Blogsecurity reports:

An attacker can read comments on posts that have not been moderated. This can be a real security risk if blog admins are using unmoderated comments (comments that have not been made public) to hide sensitive notes regarding posts, future work, passwords etc. So please be careful if you are one of these blog admins.


Discovery 2007-06-01
Entry 2007-06-09
Modified 2007-08-16
wordpress
de-wordpress
zh-wordpress
< 2.2.2

http://blogsecurity.net/news/news-310507/
79b65dc5-749f-11ec-8be6-d4c9ef517024WordPress -- Multiple Vulnerabilities

The WordPress project reports:

  • Issue with stored XSS through post slugs
  • Issue with Object injection in some multisite installations
  • SQL injection vulnerability in WP_Query
  • SQL injection vulnerability in WP_Meta_Query

Discovery 2022-01-06
Entry 2022-01-13
wordpress
< 5.8.3,1

https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
7b97b32e-27c4-11ea-9673-4c72b94353b5wordpress -- multiple issues

wordpress developers reports:

Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so youll want to upgrade. If you havent yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues. -Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API. -Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links. -Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute. -Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.


Discovery 2019-12-13
Entry 2019-12-26
wordpress
fr-wordpress
< 5.3.1,1

de-wordpress
zh_CN-wordpress
zh_TW-wordpress
ja-wordpress
ru-wordpress
< 5.3.1

https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
810df820-3664-11e1-8fe3-00215c6a37bbWordPress -- cross site scripting vulnerability

WordPress development team reports:

WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team.


Discovery 2012-01-03
Entry 2012-01-03
wordpress
< 3.3.1,1

de-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 3.3.1

http://threatpost.com/en_us/blogs/xss-bug-found-wordpress-33-010312
82752070-0349-11e7-b48d-00e04c1ea73dwordpress -- multiple vulnerabilities

WordPress versions 4.7.2 and earlier are affected by six security issues.

  • Cross-site scripting (XSS) via media file metadata.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Discovery 2017-03-07
Entry 2017-03-07
wordpress
< 4.7.3,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.7.3

http://www.openwall.com/lists/oss-security/2017/03/07/3
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
884fced7-7f1c-11dd-a66a-0019666436c2wordpress -- remote privilege escalation

The Wordpress development team reports:

With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another users password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.


Discovery 2008-09-08
Entry 2008-10-22
Modified 2010-05-12
wordpress
de-wordpress
wordpress-mu
< 2.6.2

zh-wordpress
gt 0

31068
CVE-2008-4107
http://wordpress.org/development/2008/09/wordpress-262/
8a9f86de-d080-11e9-9051-4c72b94353b5wordpress -- multiple issues

wordpress developers reports:

Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.

Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.

Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.

Props to Zhouyuan Yang of Fortinets FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews.

Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.

Props to Soroush Dalilifrom NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.

In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.


Discovery 2019-09-05
Entry 2019-09-06
wordpress
fr-wordpress
< 5.2.3,1

de-wordpress
zh_CN-wordpress
zh_TW-wordpress
ja-wordpress
ru-wordpress
< 5.2.3

https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
8c93e997-30e0-11e0-b300-485d605f4717wordpress -- SQL injection vulnerability

Vendor reports:

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.


Discovery 2010-11-16
Entry 2011-02-05
Modified 2011-02-09
wordpress
< 3.0.2,1

de-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 3.0.2

CVE-2010-4257
http://www.cvedetails.com/cve/CVE-2010-4257/
a2589511-d6ba-11e7-88dd-00e04c1ea73dwordpress -- multiple issues

wordpress developers reports:

Use a properly generated hash for the newbloguser key instead of a determinate substring.

Add escaping to the language attributes used on html elements.

Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.

Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.


Discovery 2017-11-29
Entry 2017-12-01
wordpress
fr-wordpress
< 4.9.1,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.9.1

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
a467d0f9-8875-11dc-b3ba-0016179b2dd5wordpress -- cross-site scripting

A Secunia Advisory report:

Input passed to the "posts_columns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Discovery 2007-10-29
Entry 2007-11-01
wordpress
de-wordpress
< 2.3.1

zh-wordpress
gt 0

CVE-2007-5710
http://secunia.com/advisories/27407
http://wordpress.org/development/2007/10/wordpress-231/
a48d4478-e23f-4085-8ae4-6b3a7b6f016bwordpress -- multiple issues

wordpress developers report:

Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.

Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.

Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.


Discovery 2017-09-23
Entry 2017-09-29
wordpress
< 4.8.2

http://www.securityfocus.com/bid/100912
https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
https://core.trac.wordpress.org/changeset/41393
https://core.trac.wordpress.org/changeset/41395
https://core.trac.wordpress.org/changeset/41397
https://core.trac.wordpress.org/changeset/41412
https://core.trac.wordpress.org/changeset/41448
https://core.trac.wordpress.org/changeset/41457
https://wpvulndb.com/vulnerabilities/8911
https://wpvulndb.com/vulnerabilities/8912
https://wpvulndb.com/vulnerabilities/8913
https://wpvulndb.com/vulnerabilities/8914
CVE-2017-14718
CVE-2017-14719
CVE-2017-14720
CVE-2017-14721
CVE-2017-14722
CVE-2017-14724
CVE-2017-14726
a4955b32-ed84-11d9-8310-0001020eed82wordpress -- multiple vulnerabilities

A Gentoo Linux Security Advisory reports:

Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks.

An attacker could use the SQL injection vulnerabilities to gain information from the database. Furthermore the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.


Discovery 2005-04-12
Entry 2005-07-05
wordpress
< 1.5.1.2,1

CVE-2005-1810
http://www.gentoo.org/security/en/glsa/glsa-200506-04.xml
a5bb7ea0-3e58-11e7-94a2-00e04c1ea73dWordpress -- multiple vulnerabilities

WordPress versions 4.7.4 and earlier are affected by six security issues

  • Insufficient redirect validation in the HTTP class.
  • Improper handling of post meta data values in the XML-RPC API.
  • Lack of capability checks for post meta data in the XML-RPC API.
  • A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.
  • A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

Discovery 2017-05-16
Entry 2017-05-21
wordpress
fr-wordpress
< 4.7.5,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.7.5

https://wordpress.org/news/2017/05/wordpress-4-7-5/
ac5ec8e3-3c6c-11e5-b921-00a0986f28c4wordpress -- Multiple vulnerability

Gary Pendergast reports:

WordPress 4.2.4 fixes three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site.


Discovery 2015-08-04
Entry 2015-08-06
Modified 2015-09-15
wordpress
< 4.2.4,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.2.4

https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/
CVE-2015-2213
CVE-2015-5730
CVE-2015-5731
CVE-2015-5732
CVE-2015-5733
CVE-2015-5734
b180d1fb-dac6-11e6-ae1b-002590263bf5wordpress -- multiple vulnerabilities

Aaron D. Campbell reports:

WordPress versions 4.7 and earlier are affected by eight security issues...


Discovery 2017-01-11
Entry 2017-01-15
wordpress
< 4.7.1,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.7.1

CVE-2017-5487
CVE-2017-5488
CVE-2017-5489
CVE-2017-5490
CVE-2017-5491
CVE-2017-5492
CVE-2017-5493
http://www.openwall.com/lists/oss-security/2017/01/14/6
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
b384cc5b-8d56-11e1-8d7b-003067b2972cwordpress -- multiple vulnerabilities

Wordpress reports:

External code has been updated to non-vulnerable versions. In addition the following bugs have been fixed:

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
  • Cross-site scripting vulnerability when making URLs clickable.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.

Discovery 2012-04-20
Entry 2012-04-23
wordpress
< 3.3.2,1

CVE-2012-2399
CVE-2012-2400
CVE-2012-2401
CVE-2012-2402
CVE-2012-2403
CVE-2012-2404
https://codex.wordpress.org/Version_3.3.2
ba4f9b19-ed9d-11e4-9118-bcaec565249cwordpress -- cross-site scripting vulnerability

Gary Pendergast reports:

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnöne.


Discovery 2015-04-27
Entry 2015-05-07
Modified 2015-09-15
wordpress
< 4.2.1,1

de-wordpress
< 4.2.1

ja-wordpress
< 4.2.1

ru-wordpress
< 4.2.1

zh-wordpress-zh_CN
< 4.2.1

zh-wordpress-zh_TW
< 4.2.1

https://wordpress.org/news/2015/04/wordpress-4-2-1/
be38245e-44d9-11e8-a292-00e04c1ea73dwordpress -- multiple issues

wordpress developers reports:

Don't treat localhost as same host by default.

Use safe redirects when redirecting the login page if SSL is forced.

Make sure the version string is correctly escaped for use in generator tags.


Discovery 2018-04-03
Entry 2018-04-20
wordpress
fr-wordpress
< 4.9.5,1

de-wordpress
zh_CN-wordpress
zh_TW-wordpress
ja-wordpress
< 4.9.5

https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
bfcc23b6-3b27-11e6-8e82-002590263bf5wordpress -- multiple vulnerabilities

Adam Silverstein reports:

WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönenand Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen from the Wordfence Research Team; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team; and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.


Discovery 2016-06-18
Entry 2016-06-25
wordpress
< 4.5.3,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.5.3

CVE-2016-5832
CVE-2016-5833
CVE-2016-5834
CVE-2016-5835
CVE-2016-5836
CVE-2016-5837
CVE-2016-5838
CVE-2016-5839
ports/210480
ports/210581
https://wordpress.org/news/2016/06/wordpress-4-5-3/
http://www.openwall.com/lists/oss-security/2016/06/23/9
c04dc18f-fcde-11e7-bdf6-00e04c1ea73dwordpress -- multiple issues

wordpress developers reports:

JavaScript errors that prevented saving posts in Firefox have been fixed.

The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.

Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.


Discovery 2018-01-16
Entry 2018-01-19
wordpress
fr-wordpress
< 4.9.2,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.9.2

https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
c80b27a2-3165-11e5-8a1d-14dae9d210b8wordpress -- XSS vulnerability

Gary Pendergast reports:

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team.


Discovery 2015-07-23
Entry 2015-07-23
Modified 2015-09-15
wordpress
< 4.2.3,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.2.3

https://wordpress.org/news/2015/07/wordpress-4-2-3/
CVE-2015-5622
CVE-2015-5623
cee3d12f-bf41-11e7-bced-00e04c1ea73dwordpress -- multiple issues

wordpress developers reports:

WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins and themes from accidentally causing a vulnerability.


Discovery 2017-10-31
Entry 2017-11-01
wordpress
< 4.8.3,1

https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
d86890da-f498-11e4-99aa-bcaec565249cwordpress -- 2 cross-site scripting vulnerabilities

Samuel Sidler reports:

The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker.

WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue.

The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi.


Discovery 2015-05-07
Entry 2015-05-07
Modified 2015-09-15
wordpress
< 4.2.2,1

de-wordpress
< 4.2.2

ja-wordpress
< 4.2.2

ru-wordpress
< 4.2.2

zh-wordpress-zh_CN
< 4.2.2

zh-wordpress-zh_TW
< 4.2.2

https://wordpress.org/news/2015/05/wordpress-4-2-2/
dca0a345-ed81-11d9-8310-0001020eed82wordpress -- multiple vulnerabilities

GulfTech Security Research reports:

There are a number of vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system. These vulnerabilities include SQL Injection, Cross Site Scripting, and also issues that may aid an attacker in social engineering.


Discovery 2005-06-28
Entry 2005-07-05
wordpress
< 1.5.1.3,1

CVE-2005-2107
CVE-2005-2108
CVE-2005-2109
CVE-2005-2110
http://marc.theaimsgroup.com/?l=bugtraq&m=112006967221438
e0b342a1-d2ae-11da-a672-000e0c2e438awordpress -- full path disclosure

Dedi Dwianto reports:

A remote user can access the file directly to cause the system to display an error message that indicates the installation path. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.


Discovery 2005-12-20
Entry 2006-04-23
wordpress
< 1.5.2

CVE-2005-4463
http://echo.or.id/adv/adv24-theday-2005.txt
f4ce64c2-5bd4-11e5-9040-3c970e169bc2wordpress -- multiple vulnerabilities

Samuel Sidler reports:

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

  • WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
  • A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
  • Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

Discovery 2015-09-15
Entry 2015-09-15
Modified 2015-10-29
wordpress
< 4.3.1,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.3.1

CVE-2015-5714
CVE-2015-5715
CVE-2015-7989
http://www.openwall.com/lists/oss-security/2015/10/28/1
https://wordpress.org/news/2015/09/wordpress-4-3-1/
fb754341-c3e2-11e5-b5fe-002590263bf5wordpress -- XSS vulnerability

Aaron Jorbin reports:

WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L.


Discovery 2016-01-06
Entry 2016-01-26
Modified 2016-03-08
wordpress
< 4.4.1,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.4.1

CVE-2016-1564
http://www.openwall.com/lists/oss-security/2016/01/08/3
https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
fef03980-e4c6-11e5-b2bd-002590263bf5wordpress -- multiple vulnerabilities

Samuel Sidler reports:

WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.


Discovery 2016-02-02
Entry 2016-03-08
wordpress
< 4.4.2,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
< 4.4.2

CVE-2016-2221
CVE-2016-2222
http://www.openwall.com/lists/oss-security/2016/02/04/6
https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/