Vulnerability & Exploit Database

Back to search

FreeBSD: VID-A2589511-D6BA-11E7-88DD-00E04C1EA73D: wordpress -- multiple issues

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) November 28, 2017 December 01, 2017 January 26, 2018


wordpress developers reports:

Use a properly generated hash for the newbloguser key instead of a determinate substring.

Add escaping to the language attributes used on html elements.

Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.

Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now