Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-7B97B32E-27C4-11EA-9673-4C72B94353B5: wordpress -- multiple issues

Back to Search

FreeBSD: VID-7B97B32E-27C4-11EA-9673-4C72B94353B5: wordpress -- multiple issues

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
12/13/2019
Created
12/28/2019
Added
12/27/2019
Modified
12/27/2019

Description

wordpress developers reports:

Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so youll want to upgrade.

If you havent yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues.

-Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.

-Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS)

could be stored in well-crafted links.

-Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named

colon attribute.

-Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

Solution(s)

  • freebsd-upgrade-package-de-wordpress
  • freebsd-upgrade-package-fr-wordpress
  • freebsd-upgrade-package-ja-wordpress
  • freebsd-upgrade-package-ru-wordpress
  • freebsd-upgrade-package-wordpress
  • freebsd-upgrade-package-zh_cn-wordpress
  • freebsd-upgrade-package-zh_tw-wordpress

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;