FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
459df1ba-051c-11ea-9673-4c72b94353b5wordpress -- multiple issues

wordpress developers reports:

Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.

rops to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.

Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.

rops to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.

Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.

Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.


Discovery 2019-10-14
Entry 2019-11-12
wordpress
fr-wordpress
lt 5.2.4,1

de-wordpress
zh_CN-wordpress
zh_TW-wordpress
ja-wordpress
ru-wordpress
lt 5.2.4

https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/