FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- multiple vulnerabilities

Affected packages
wordpress < 4.6.1,1
de-wordpress < 4.6.1
ja-wordpress < 4.6.1
ru-wordpress < 4.6.1
zh-wordpress-zh_CN < 4.6.1
zh-wordpress-zh_TW < 4.6.1


VuXML ID: 54e50cd9-c1a8-11e6-ae1b-002590263bf5
Discovery: 2016-09-07
Entry: 2016-12-14

Jeremy Felt reports:

WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.